<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "DTD/xhtml1-strict.dtd">
<html><head>


<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Nessus Scan Report</title>
<style type="text/css" media="all"> 
BODY {BACKGROUND-COLOR: #2a4d66; font-family: tahoma,helvetica,sans-serif; font-size: 13px}
A {TEXT-DECORATION: none}
A {COLOR: #333; FONT-FAMILY: tahoma,helvetica,sans-serif; font-size: 13px}
A:link {COLOR: #333; FONT-FAMILY: tahoma,helvetica,sans-serif; TEXT-DECORATION:underline;font-size:13px}
A:active {COLOR: #333; FONT-FAMILY: tahoma,helvetica,sans-serif; TEXT-DECORATION:underline;font-size:13px}
a:hover {color: #000; font-family: tahoma,helvetica,sans-serif; text-decoration:none;font-size:13px}
TD {COLOR: #333; FONT-FAMILY: tahoma,helvetica,sans-serif; FONT-SIZE:13px; word-wrap:break-word;}
TR {COLOR: #333; FONT-FAMILY: tahoma,helvetica,sans-serif; FONT-SIZE:13px}
.even {background-color: #FFF;}
.odd {background-color: #DCDCDC;}
.sev_low {color: #397AB2}
.sev_med {color: #FDBE00}
.sev_high {color: red}
.ip_sev_low {color:#397AB2;font-weight:bold;font-size:1.5em;padding:3px}
.ip_sev_med {color:#FDBE00;font-weight:bold;font-size:1.5em;padding:3px}
.ip_sev_high {color:red;font-weight:bold;font-size:1.5em;padding:3px}
.hostlist {color:#FFF;font-size:2em;font-weight:bold;padding:3px}
.backTo a {color:#FFF;font-family:tahoma,helvetica,sans-serif;text-decoration:underline}
.backTo a:link {color:#FFF;font-family:tahoma,helvetica,sans-serif;text-decoration:underline}
.backTo a:active {color:#FFF;font-family:tahoma,helvetica,sans-serif;text-decoration:underline}
.backTo a:hover {color:#DFDFDF;font-family:tahoma,helvetica,sans-serif;text-decoration:none}
.backToContainer {padding: 4px 0 4px 0}
.vuln_info {font-weight:bold;text-decoration:underline}
.scan_time {font-weight:bold;text-decoration:underline}
.host_info {font-weight:bold;text-decoration:underline}
.plugin_sev_low {background-color:#397AB2}
.plugin_sev_med {background-color:#FDBE00}
.plugin_sev_high {background-color:red}
.plugin_label {color:#FFF;font-weight:bold;padding:3px}
.port_header {background-color:#67889f}
.port_header_label {font-weight:bold;color:#FFF;padding: 3px}
.toggle {color: #FFF}
.divider {padding-top: 2px}
.info_text {padding-left: 8px;}
.default_header {background-color:#67889f}
.info_bg {background-color:#EEF2F3; }
.plugin_output {
width: 600px;
overflow: auto;
white-space: -moz-pre-wrap; /* Mozilla */
white-space: -hp-pre-wrap; /* HP printers */
white-space: -o-pre-wrap; /* Opera 7 */
white-space: -pre-wrap; /* Opera 4-6 */
white-space: pre-wrap; /* CSS 2.1 */
white-space: pre-line; /* CSS 3 (and 2.1 as well, actually) */
word-wrap: break-word; /* IE */
}
</style>
<script type="text/javascript"> 
function toggle(divId)
{
	var divObj = document.getElementById(divId);
 
	if (divObj) {
		var displayType = divObj.style.display;
		if (displayType == "" || displayType == "block") {
			divObj.style.display = "none";
		} else {
			divObj.style.display = "block";
		}	
	}
}
</script>
</head><body>
<a name="toc"></a><table width="70%" align="center" border="0" cellpadding="0" cellspacing="0">
<tbody><tr class="default_header"><td class="hostlist" align="left">List of hosts</td></tr>
<tr><td>
<table width="100%" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="even">
<td width="60%"><a href="#toc_172.16.10.5">172.16.10.5</a></td>
<td class="sev_high" width="40%" align="right">High Severity problem(s) found</td>
</tr>
</tbody></table>
</td></tr>
</tbody></table>
<a name="toc_172.16.10.5"></a><div class="backToContainer">
<table width="70%" align="center" border="0" cellpadding="0" cellspacing="0">
<tbody><tr><td class="backTo" align="right"><a href="#toc">[^] Back</a></td></tr>
</tbody></table>
</div>
<table width="70%" align="center" border="0" cellpadding="0" cellspacing="0">
<tbody><tr class="default_header"><td class="ip_sev_med" align="left">172.16.10.5</td></tr>
<tr class="info_bg"><td>
<table width="100%" border="0" cellpadding="2" cellspacing="0">
<tbody><tr><td>
<span class="scan_time">Scan Time</span><br><table width="60%" align="center" border="0">
<tbody><tr>
<td align="left">Start time : </td>
<td align="right">Sat Feb 26 14:41:24 2011</td>
</tr>
<tr>
<td align="left">End time : </td>
<td align="right">Sat Feb 26 14:43:32 2011</td>
</tr>
</tbody></table>
</td></tr>
<tr><td colspan="2"><hr></td></tr>
<tr><td>
<span class="vuln_info">Number of vulnerabilities</span><br><table width="60%" align="center" border="0">
<tbody><tr>
<td align="left">Open ports : </td>
<td align="right">7</td>
</tr>
<tr>
<td class="sev_high" align="left">High : </td>
<td class="sev_high" align="right">17</td>
</tr>
<tr>
<td class="sev_med" align="left">Medium : </td>
<td class="sev_med" align="right">24</td>
</tr>
<tr>
<td class="sev_low" align="left">Low : </td>
<td class="sev_low" align="right">38</td>
</tr>
</tbody></table>
</td></tr>
<tr><td colspan="2"><hr></td></tr>
<tr><td>
<span class="host_info">Remote host information</span><br><table width="60%" align="center" border="0">
<tbody><tr>
<td align="left">Operating System : </td>
<td align="right">Microsoft Windows Server 2003 Service Pack 1</td>
</tr>
<tr>
<td align="left">NetBIOS name : </td>
<td align="right">IT-NWIB91G1ZGH8</td>
</tr>
<tr><td align="left">DNS name : </td></tr>
</tbody></table>
</td></tr>
</tbody></table>
</td></tr>
</tbody></table>
<div class="backToContainer">
<table width="70%" align="center" border="0" cellpadding="0" cellspacing="0">
<tbody><tr><td class="backTo" align="right"><a href="#toc_172.16.10.5">[^] Back to 172.16.10.5</a></td></tr>
</tbody></table>
</div>

			<br><a name="172.16.10.5_general(0/general)"></a><table width="70%" align="center" border="0" cellpadding="2" cellspacing="0"><tbody><tr class="port_header" onclick='toggle("172.16.10.5_general_0")' onmouseover="this.style.cursor='pointer'" title="Collapse/Expand">
<td class="port_header_label" align="left">Port general (0/udp)</td>
<td class="toggle" align="right">[-/+]</td>
</tr></tbody></table>
<div id="172.16.10.5_general_0" class="divider">
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_high"><td class="plugin_label" align="left">MS08-067: Microsoft Windows Server Service Crafted RPC Request Handling Remote Code Execution (958644) (uncredentialed check)</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>Arbitrary code can be executed on the remote host due to a flaw in the
'Server' service.<br><br><b>Description:</b><br>The remote host is vulnerable to a buffer overrun in the 'Server'
service that may allow an attacker to execute arbitrary code on the
remote host with the 'System' privileges.<br><br><b>Risk factor:</b><br>Critical<br><br><b>CVSS Base Score:</b>10.0<br>CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C<br><br><b>Solution:</b><br>Microsoft has released a set of patches for Windows 2000, XP, 2003,
Vista and 2008 :

http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=34477">34477</a><br><br><b>CVE: </b><br>CVE-2008-4250<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/31874">31874</a><br><br><b>Other references: </b><br>OSVDB:49243, CWE:94, MSFT:MS08-067</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">Traceroute Information</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>It was possible to obtain traceroute information.<br><br><b>Description:</b><br>Makes a traceroute to the remote host.<br><br><b>Risk factor:</b><br>None<br><br><b>Solution:</b><br>n/a<br><br><b>Plugin output:</b><br>For your information, here is the traceroute from 172.16.30.5 to 172.16.10.5 : 
172.16.30.5
172.16.30.1
172.16.10.5
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=10287">10287</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">Nessus Scan Information</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>Information about the Nessus scan.<br><br><b>Description:</b><br>This script displays, for each tested host, information about the scan itself:

 - The version of the plugin set
 - The type of plugin feed (HomeFeed or ProfessionalFeed)
 - The version of the Nessus Engine
 - The port scanner(s) used
 - The port range scanned
 - The date of the scan
 - The duration of the scan
 - The number of hosts scanned in parallel
 - The number of checks done in parallel<br><br><b>Risk factor:</b><br>None<br><br><b>Solution:</b><br>n/a<br><br><b>Plugin output:</b><br>Information about this scan : 

Nessus version : 4.4.0
Plugin feed version : 201102260034
Type of plugin feed : HomeFeed (Non-commercial use only)
Scanner IP : 172.16.30.5
Port scanner(s) : nessus_tcp_scanner nessus_syn_scanner 
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : yes
Optimize the test : yes
CGI scanning : disabled
Web application tests : disabled
Max hosts : 100
Max checks : 5
Recv timeout : 5
Backports : None
Scan Start Date : 2011/2/26 14:41
Scan duration : 128 sec
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=19506">19506</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">Web Application Tests Disabled</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>Web application tests were not enabled during the scan.<br><br><b>Description:</b><br>One or several web servers were detected by Nessus, but neither the
CGI tests nor the Web Application Tests were enabled. 

If you want to get a more complete report, you should enable one of 
these features, or both.

Please note that the scan might take significantly longer with these
tests, which is why they are disabled by default.<br><br><b>Risk factor:</b><br>None<br><br><b>See also:</b><br>http://blog.tenablesecurity.com/web-app-auditing/<br><br><b>Solution:</b><br>To enable specific CGI tests, go to the 'Advanced' tab, select
'Global variable settings' and set 'Enable CGI scanning'. 

To enable generic web application tests, go to the 'Advanced' tab,
select 'Web Application Tests Settings' and set 'Enable web
applications tests'. 

You may configure other options, for example HTTP credentials in
'Login configurations', or form-based authentication in 'HTTP login
page'.<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=43067">43067</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">Common Platform Enumeration (CPE)</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>It is possible to enumerate CPE names that matched on the remote
system.<br><br><b>Description:</b><br>By using information obtained from a Nessus scan, this plugin reports
CPE (Common Platform Enumeration) matches for various hardware and
software products found on a host.  

Note that if an official CPE is not available for the product, this
plugin computes the best possible CPE based on the information
available from the scan.<br><br><b>Risk factor:</b><br>None<br><br><b>See also:</b><br>http://cpe.mitre.org/<br><br><b>Solution:</b><br>n/a<br><br><b>Plugin output:</b><br>
The remote operating system matched the following CPE : 

  cpe:/o:microsoft:windows_2003_server::sp1 -&gt; Microsoft Windows 2003 Server Service Pack 1

Here is the list of application CPE IDs that matched on the remote system :

  cpe:/a:openssl:openssl:0.9.8h
  cpe:/a:openssl:openssl:0.9.8h
  cpe:/a:apache:http_server:2.2.9
  cpe:/a:apache:http_server:2.2.9
  cpe:/a:modssl:mod_ssl:2.2.9
  cpe:/a:modssl:mod_ssl:2.2.9
  cpe:/a:php:php:5.2.6
  cpe:/a:php:php:5.2.6
  cpe:/a:php:php:5.2.6
  cpe:/a:php:php:5.2.6
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=45590">45590</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">OS Identification</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>It is possible to guess the remote operating system<br><br><b>Description:</b><br>Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc...) 
it is possible to guess the name of the remote operating system in use, and
sometimes its version<br><br><b>Risk factor:</b><br>None<br><br><b>Solution:</b><br>N/A<br><br><b>Plugin output:</b><br>
Remote operating system : Microsoft Windows Server 2003 Service Pack 1
Confidence Level : 99
Method : MSRPC

 
The remote host is running Microsoft Windows Server 2003 Service Pack 1<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=11936">11936</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">Ethernet card brand</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The manufacturer can be deduced from the Ethernet OUI.<br><br><b>Description:</b><br>Each ethernet MAC address starts with a 24-bit 'Organizationally 
Unique Identifier'.
These OUI are registered by IEEE.<br><br><b>Risk factor:</b><br>None<br><br><b>See also:</b><br>http://standards.ieee.org/faqs/OUI.html<br><br><b>See also:</b><br>http://standards.ieee.org/regauth/oui/index.shtml<br><br><b>Solution:</b><br>n/a<br><br><b>Plugin output:</b><br>
The following card manufacturers were identified :

00:0c:29:e1:f5:d0 : VMware, Inc.
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=35716">35716</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">VMware Virtual Machine Detection</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote host seems to be a VMware virtual machine.<br><br><b>Description:</b><br>According to the MAC address of its network adapter, the remote host
is a VMware virtual machine. 

Since it is physically accessible through the network, ensure that its
configuration matches your organization's security policy.<br><br><b>Risk factor:</b><br>None<br><br><b>Solution:</b><br>n/a<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=20094">20094</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">TCP/IP Timestamps Supported</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote service implements TCP timestamps.<br><br><b>Description:</b><br>The remote host implements TCP timestamps, as defined by RFC1323.  A
side effect of this feature is that the uptime of the remote host can
sometimes be computed.<br><br><b>Risk factor:</b><br>None<br><br><b>See also:</b><br>http://www.ietf.org/rfc/rfc1323.txt<br><br><b>Solution:</b><br>n/a<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=25220">25220</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">ICMP Timestamp Request Remote Date Disclosure</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>It is possible to determine the exact time set on the remote host.<br><br><b>Description:</b><br>The remote host answers to an ICMP timestamp request.  This allows an
attacker to know the date which is set on your machine. 

This may help him to defeat all your time based authentication
protocols.<br><br><b>Risk factor:</b><br>None<br><br><b>Solution:</b><br>Filter out the ICMP timestamp requests (13), and the outgoing ICMP
timestamp replies (14).<br><br><b>Plugin output:</b><br>This host returns non-standard timestamps (high bit is set)
The ICMP timestamps might be in little endian format (not in network format)
The difference between the local and remote clocks is 11 seconds.
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=10114">10114</a><br><br><b>CVE: </b><br>CVE-1999-0524<br><br><b>Other references: </b><br>OSVDB:94, CWE:200</div>
</td></tr>
</tbody></table>
</div>
			<br><a name="172.16.10.5_dce-rpc(1025/dce-rpc)"></a><table width="70%" align="center" border="0" cellpadding="2" cellspacing="0"><tbody><tr class="port_header" onclick='toggle("172.16.10.5_dce-rpc_1025")' onmouseover="this.style.cursor='pointer'" title="Collapse/Expand">
<td class="port_header_label" align="left">Port dce-rpc (1025/tcp)</td>
<td class="toggle" align="right">[-/+]</td>
</tr></tbody></table>
<div id="172.16.10.5_dce-rpc_1025" class="divider">
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">DCE Services Enumeration</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>A DCE/RPC service is running on the remote host.<br><br><b>Description:</b><br>By sending a Lookup request to the portmapper (TCP 135 or epmapper
PIPE) it was possible to enumerate the Distributed Computing Environment
(DCE) services running on the remote port.
Using this information it is possible to connect and bind to
each service by sending an RPC request to the remote port/pipe.<br><br><b>Risk factor:</b><br>None<br><br><b>Solution:</b><br>N/A<br><br><b>Plugin output:</b><br>
The following DCERPC services are available on TCP port 1025 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
TCP Port : 1025
IP : 172.16.10.5

<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=10736">10736</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
</div>
			<br><a name="172.16.10.5_epmap(135/epmap)"></a><table width="70%" align="center" border="0" cellpadding="2" cellspacing="0"><tbody><tr class="port_header" onclick='toggle("172.16.10.5_epmap_135")' onmouseover="this.style.cursor='pointer'" title="Collapse/Expand">
<td class="port_header_label" align="left">Port epmap (135/tcp)</td>
<td class="toggle" align="right">[-/+]</td>
</tr></tbody></table>
<div id="172.16.10.5_epmap_135" class="divider">
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">DCE Services Enumeration</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>A DCE/RPC service is running on the remote host.<br><br><b>Description:</b><br>By sending a Lookup request to the portmapper (TCP 135 or epmapper
PIPE) it was possible to enumerate the Distributed Computing Environment
(DCE) services running on the remote port.
Using this information it is possible to connect and bind to
each service by sending an RPC request to the remote port/pipe.<br><br><b>Risk factor:</b><br>None<br><br><b>Solution:</b><br>N/A<br><br><b>Plugin output:</b><br>
The following DCERPC services are available locally :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : DNSResolver

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLEC8157C64F1C2418D9B957A9C02B0

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : wzcsvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLEC8157C64F1C2418D9B957A9C02B0

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : wzcsvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLEC8157C64F1C2418D9B957A9C02B0

Object UUID : 295822e2-7953-4ce7-9062-3952b1fbe20c
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : OLEBAC5AB5145B548A3B840D90DFC43

Object UUID : 295822e2-7953-4ce7-9062-3952b1fbe20c
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC00000aac.00000001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0
Description : IPsec Services (Windows XP &amp; 2003)
Windows process : lsass.exe
Annotation : IPSec Policy agent endpoint
Type : Local RPC service
Named pipe : audit

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0
Description : IPsec Services (Windows XP &amp; 2003)
Windows process : lsass.exe
Annotation : IPSec Policy agent endpoint
Type : Local RPC service
Named pipe : securityevent

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0
Description : IPsec Services (Windows XP &amp; 2003)
Windows process : lsass.exe
Annotation : IPSec Policy agent endpoint
Type : Local RPC service
Named pipe : protected_storage

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0
Description : IPsec Services (Windows XP &amp; 2003)
Windows process : lsass.exe
Annotation : IPSec Policy agent endpoint
Type : Local RPC service
Named pipe : dsrole

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : audit

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : securityevent

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : protected_storage

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : dsrole

Object UUID : bb7a3b1f-83cf-4743-ba55-2940807ac9dd
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC0000009c.00000001

Object UUID : 35aad53b-4287-4e08-ba44-edb1117b4bd8
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC0000009c.00000001

Object UUID : e692305f-dcdf-481b-8189-793732c8214b
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC0000009c.00000001

Object UUID : 2adeb469-7b70-4eaf-af28-c292acdb1c68
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC0000009c.00000001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : wzcsvc

<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=10736">10736</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
</div>
			<br><a name="172.16.10.5_netbios-ns(137/netbios-ns)"></a><table width="70%" align="center" border="0" cellpadding="2" cellspacing="0"><tbody><tr class="port_header" onclick='toggle("172.16.10.5_netbios-ns_137")' onmouseover="this.style.cursor='pointer'" title="Collapse/Expand">
<td class="port_header_label" align="left">Port netbios-ns (137/udp)</td>
<td class="toggle" align="right">[-/+]</td>
</tr></tbody></table>
<div id="172.16.10.5_netbios-ns_137" class="divider">
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">Windows NetBIOS / SMB Remote Host Information Disclosure</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>It is possible to obtain the network name of the remote host.<br><br><b>Description:</b><br>The remote host listens on UDP port 137 or TCP port 445 and replies to 
NetBIOS nbtscan or SMB requests.

Note that this plugin gathers information to be used in other plugins
but does not itself generate a report.<br><br><b>Risk factor:</b><br>None<br><br><b>Solution:</b><br>n/a<br><br><b>Plugin output:</b><br>The following 6 NetBIOS names have been gathered :

 IT-NWIB91G1ZGH8  = Computer name
 WORKGROUP        = Workgroup / Domain name
 IT-NWIB91G1ZGH8  = File Server Service
 WORKGROUP        = Browser Service Elections
 WORKGROUP        = Master Browser
 __MSBROWSE__     = Master Browser

The remote host has the following MAC address on its adapter :
   00:0c:29:e1:f5:d0<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=10150">10150</a>
</div>
</td></tr>
</tbody></table>
</div>
			<br><a name="172.16.10.5_smb(139/smb)"></a><table width="70%" align="center" border="0" cellpadding="2" cellspacing="0"><tbody><tr class="port_header" onclick='toggle("172.16.10.5_smb_139")' onmouseover="this.style.cursor='pointer'" title="Collapse/Expand">
<td class="port_header_label" align="left">Port smb (139/tcp)</td>
<td class="toggle" align="right">[-/+]</td>
</tr></tbody></table>
<div id="172.16.10.5_smb_139" class="divider">
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">SMB Service Detection</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>A file / print sharing service is listening on the remote host.<br><br><b>Description:</b><br>The remote service understands the CIFS (Common Internet File System)
or Server Message Block (SMB) protocol, used to provide shared access
to files, printers, etc between nodes on a network.<br><br><b>Risk factor:</b><br>None<br><br><b>Solution:</b><br>n/a<br><br><b>Plugin output:</b><br>
An SMB server is running on this port.
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=11011">11011</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
</div>
			<br><a name="172.16.10.5_mysql(3306/mysql)"></a><table width="70%" align="center" border="0" cellpadding="2" cellspacing="0"><tbody><tr class="port_header" onclick='toggle("172.16.10.5_mysql_3306")' onmouseover="this.style.cursor='pointer'" title="Collapse/Expand">
<td class="port_header_label" align="left">Port mysql (3306/tcp)</td>
<td class="toggle" align="right">[-/+]</td>
</tr></tbody></table>
<div id="172.16.10.5_mysql_3306" class="divider">
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">Service Detection</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote service could be identified.<br><br><b>Description:</b><br>It was possible to identify the remote service by its banner or by looking
at the error message it sends when it receives an HTTP request.<br><br><b>Risk factor:</b><br>None<br><br><b>Solution:</b><br>n/a<br><br><b>Plugin output:</b><br>A MySQL server is running on this port.<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=22964">22964</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
</div>
			<br><a name="172.16.10.5_www(443/www)"></a><table width="70%" align="center" border="0" cellpadding="2" cellspacing="0"><tbody><tr class="port_header" onclick='toggle("172.16.10.5_www_443")' onmouseover="this.style.cursor='pointer'" title="Collapse/Expand">
<td class="port_header_label" align="left">Port www (443/tcp)</td>
<td class="toggle" align="right">[-/+]</td>
</tr></tbody></table>
<div id="172.16.10.5_www_443" class="divider">
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_high"><td class="plugin_label" align="left">XAMPP Example Pages Detection</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote web server allows access to its example pages.<br><br><b>Description:</b><br>The remote web server makes available example scripts from XAMPP, an
easy-to-install Apache distribution containing MySQL, PHP, and Perl. 
Allowing access to these examples is not recommended since some are
known to disclose sensitive information about the remote host and
others may be affected by vulnerabilities such as cross-site scripting
issues.  Additionally, some pages have known cross-site scripting,
SQL injection, and local file inclusion vulnerabilities.<br><br><b>Risk factor:</b><br>High<br><br><b>CVSS Base Score:</b>7.5<br>CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P<br><br><b>Solution:</b><br>Consult XAMPP's documentation for information about securing the
example pages as well as other applications if necessary.<br><br><b>Plugin output:</b><br>
Nessus was able to access XAMPP's examples using the following URL :

  https://172.16.10.5/xampp/index.php
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=33822">33822</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_high"><td class="plugin_label" align="left">Apache 2.2 &lt; 2.2.14 Multiple Vulnerabilities</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote web server is affected by multiple vulnerabilities<br><br><b>Description:</b><br>According to its banner, the version of Apache 2.2 installed on the 
remote host is older than 2.2.14.  Such versions are potentially
affected by multiple vulnerabilities :

  - Faulty error handling in the Solaris pollset support 
    could lead to a denial of service. (CVE-2009-2699)

  - The 'mod_proxy_ftp' module allows remote attackers to 
    bypass intended access restrictions. (CVE-2009-3095)

  - The 'ap_proxy_ftp_handler' function in 
    'modules/proxy/proxy_ftp.c' in the 'mod_proxy_ftp' 
    module allows remote FTP servers to cause a 
    denial-of-service. (CVE-2009-3094)

Note that the remote web server may not actually be affected by these
vulnerabilities as Nessus did not try to determine whether the affected
modules are in use or check for the issues themselves.<br><br><b>Risk factor:</b><br>High<br><br><b>CVSS Base Score:</b>7.5<br>CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P<br><br><b>See also:</b><br>http://www.securityfocus.com/advisories/17947<br><br><b>See also:</b><br>http://www.securityfocus.com/advisories/17959<br><br><b>See also:</b><br>http://www.intevydis.com/blog/?p=59<br><br><b>See also:</b><br>https://issues.apache.org/bugzilla/show_bug.cgi?id=47645<br><br><b>See also:</b><br>http://www.apache.org/dist/httpd/CHANGES_2.2.14<br><br><b>Solution:</b><br>Either ensure the affected modules are not in use or upgrade to Apache
version 2.2.14 or later.<br><br><b>Plugin output:</b><br>
  Installed Version : 2.2.9
  Version Source    : Server: Apache/2.2.9
  Fixed Version     : 2.2.14
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=42052">42052</a><br><br><b>CVE: </b><br>CVE-2009-2699, CVE-2009-3094, CVE-2009-3095<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/36254">36254</a>, <a href="http://www.securityfocus.com/bid/36260">36260</a>, <a href="http://www.securityfocus.com/bid/36596">36596</a><br><br><b>Other references: </b><br>OSVDB:57851, OSVDB:57882, OSVDB:58879, Secunia:36549, CWE:264</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_high"><td class="plugin_label" align="left">Apache 2.2 &lt; 2.2.15 Multiple Vulnerabilities</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote web server is affected by multiple vulnerabilities<br><br><b>Description:</b><br>According to its banner, the version of Apache 2.2 installed on the
remote host is older than 2.2.15.  Such versions are potentially
affected by multiple vulnerabilities :

  - A TLS renegotiation prefix injection attack is possible. 
    (CVE-2009-3555)

  - The 'mod_proxy_ajp' module returns the wrong status code
    if it encounters an error which causes the back-end 
    server to be put into an error state. (CVE-2010-0408)

  - The 'mod_isapi' attempts to unload the 'ISAPI.dll' when
    it encounters various error states which could leave
    call-backs in an undefined state. (CVE-2010-0425)

  - A flaw in the core sub-request process code can lead to
    sensitive information from a request being handled by 
    the wrong thread if a multi-threaded environment is
    used. (CVE-2010-0434)<br><br><b>Risk factor:</b><br>Critical<br><br><b>CVSS Base Score:</b>10.0<br>CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C<br><br><b>See also:</b><br>http://httpd.apache.org/security/vulnerabilities_22.html<br><br><b>See also:</b><br>https://issues.apache.org/bugzilla/show_bug.cgi?id=48359<br><br><b>See also:</b><br>http://www.apache.org/dist/httpd/CHANGES_2.2.15<br><br><b>Solution:</b><br>Upgrade to Apache version 2.2.15 or later.<br><br><b>Plugin output:</b><br>
  Installed Version : 2.2.9
  Version Source    : Server: Apache/2.2.9
  Fixed Version     : 2.2.15
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=45004">45004</a><br><br><b>CVE: </b><br>CVE-2009-3555, CVE-2010-0408, CVE-2010-0425, CVE-2010-0434<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/36935">36935</a>, <a href="http://www.securityfocus.com/bid/38491">38491</a>, <a href="http://www.securityfocus.com/bid/38494">38494</a>, <a href="http://www.securityfocus.com/bid/38580">38580</a><br><br><b>Other references: </b><br>OSVDB:59969, OSVDB:62674, OSVDB:62675, OSVDB:62676, Secunia:38776, CWE:200</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_high"><td class="plugin_label" align="left">PHP 5.2 &lt; 5.2.14 Multiple Vulnerabilities</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote web server uses a version of PHP that is affected by
multiple flaws.<br><br><b>Description:</b><br>According to its banner, the version of PHP 5.2 installed on the
remote host is older than 5.2.14.  Such versions may be affected by
several security issues :

  - An error exists when processing invalid XML-RPC 
    requests that can lead to a NULL pointer
    dereference. (bug #51288) (CVE-2010-0397)

  - An error exists in the function 'fnmatch' that can lead
    to stack exhaustion.

  - An error exists in the sqlite extension that could 
    allow arbitrary memory access.

  - A memory corruption error exists in the function
    'substr_replace'.

  - The following functions are not properly protected
    against function interruptions :

    addcslashes, chunk_split, html_entity_decode, 
    iconv_mime_decode, iconv_substr, iconv_mime_encode,
    htmlentities, htmlspecialchars, str_getcsv,
    http_build_query, strpbrk, strstr, str_pad,
    str_word_count, wordwrap, strtok, setcookie, 
    strip_tags, trim, ltrim, rtrim, parse_str, pack, unpack, 
    uasort, preg_match, strrchr, strchr, substr, str_repeat
    (CVE-2010-1860, CVE-2010-1862, CVE-2010-1864,
    CVE-2010-2097, CVE-2010-2100, CVE-2010-2101,
    CVE-2010-2190, CVE-2010-2191, CVE-2010-2484)

  - The following opcodes are not properly protected 
    against function interruptions :

    ZEND_CONCAT, ZEND_ASSIGN_CONCAT, ZEND_FETCH_RW
    (CVE-2010-2191)

  - The default session serializer contains an error
    that can be exploited when assigning session
    variables having user defined names. Arbitrary
    serialized values can be injected into sessions by
    including the PS_UNDEF_MARKER, '!', character in
    variable names.

  - A use-after-free error exists in the function
    'spl_object_storage_attach'. (CVE-2010-2225)

  - An information disclosure vulnerability exists in the
    function 'var_export' when handling certain error 
    conditions. (CVE-2010-2531)<br><br><b>Risk factor:</b><br>High<br><br><b>CVSS Base Score:</b>7.5<br>CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P<br><br><b>See also:</b><br>http://www.php.net/releases/5_2_14.php<br><br><b>See also:</b><br>http://www.php.net/ChangeLog-5.php#5.2.14<br><br><b>Solution:</b><br>Upgrade to PHP version 5.2.14 or later.<br><br><b>Plugin output:</b><br>
  Version source     : Server: Apache/2.2.9 (Win32) DAV/2 mod_ssl/2.2.9 OpenSSL/0.9.8h mod_autoindex_color PHP/5.2.6
  Installed version  : 5.2.6
  Fixed version      : 5.2.14
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=48244">48244</a><br><br><b>CVE: </b><br>CVE-2010-0397,
 CVE-2010-1860, CVE-2010-1862, CVE-2010-1864, CVE-2010-2097, 
CVE-2010-2100, CVE-2010-2101, CVE-2010-2190, CVE-2010-2191, 
CVE-2010-2225, CVE-2010-2484, CVE-2010-2531, CVE-2010-3065<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/38708">38708</a>, <a href="http://www.securityfocus.com/bid/40948">40948</a>, <a href="http://www.securityfocus.com/bid/41991">41991</a><br><br><b>Other references: </b><br>OSVDB:63078,
 OSVDB:64322, OSVDB:64544, OSVDB:64546, OSVDB:65755, OSVDB:66087, 
OSVDB:66093, OSVDB:66094, OSVDB:66095, OSVDB:66096, OSVDB:66097, 
OSVDB:66098, OSVDB:66099, OSVDB:66100, OSVDB:66101, OSVDB:66102, 
OSVDB:66103, OSVDB:66104, OSVDB:66105, OSVDB:66106, OSVDB:66798, 
OSVDB:66804, OSVDB:66805, Secunia:39675, Secunia:40268</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_high"><td class="plugin_label" align="left">PHP 5.2 &lt; 5.2.15 Multiple Vulnerabilities</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote web server uses a version of PHP that is affected by
multiple flaws.<br><br><b>Description:</b><br>According to its banner, the version of PHP 5.2 installed on the
remote host is older than 5.2.15.  Such versions may be affected by
several security issues :
  
  - A crash in the zip extract method.

  - A possible double free exists in the imap extension.
    (CVE-2010-4150)

  - An unspecified flaw exists in 'open_basedir'. 
    (CVE-2010-3436)

  - A possible crash could occur in 'mssql_fetch_batch()'.
  
  - A NULL pointer dereference exists in 
    'ZipArchive::getArchiveComment'. (CVE-2010-3709)

  - A crash exists if anti-aliasing steps are invalid.
    (Bug #53492)

  - A crash exists in pdo_firebird getAttribute(). (Bug 
    #53323)

  - A use-after-free vulnerability in the Zend engine when
    a '__set()', '__get()', '__isset()' or '__unset()' 
    method is called can allow for a denial of service 
    attack. (Bug #52879 / CVE-2010-4697)

  - A stack-based buffer overflow exists in the 
    'imagepstext()' function in the GD extension. (Bug 
    #53492 / CVE-2010-4698)
    
  - The extract function does not prevent use of the
    EXTR_OVERWRITE parameter to overwrite the GLOBALS
    superglobal array and the 'this' variable, which
    allows attackers to bypass intended access restrictions.
    (CVE-2011-0752)<br><br><b>Risk factor:</b><br>High<br><br><b>CVSS Base Score:</b>7.5<br>CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P<br><br><b>See also:</b><br>http://www.php.net/releases/5_2_15.php<br><br><b>See also:</b><br>http://www.php.net/ChangeLog-5.php#5.2.15<br><br><b>Solution:</b><br>Upgrade to PHP version 5.2.15 or later.<br><br><b>Plugin output:</b><br>
  Version source     : Server: Apache/2.2.9 (Win32) DAV/2 mod_ssl/2.2.9 OpenSSL/0.9.8h mod_autoindex_color PHP/5.2.6
  Installed version  : 5.2.6
  Fixed version      : 5.2.15
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=51139">51139</a><br><br><b>CVE: </b><br>CVE-2010-3436, CVE-2010-3709, CVE-2010-4150, CVE-2010-4697, CVE-2010-4698, CVE-2011-0752<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/44718">44718</a>, <a href="http://www.securityfocus.com/bid/44723">44723</a>, <a href="http://www.securityfocus.com/bid/45335">45335</a>, <a href="http://www.securityfocus.com/bid/45952">45952</a>, <a href="http://www.securityfocus.com/bid/46448">46448</a><br><br><b>Other references: </b><br>OSVDB:68597, OSVDB:69109, OSVDB:69110, OSVDB:69660, OSVDB:70607, OSVDB:70608</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_high"><td class="plugin_label" align="left">PHP 5 &lt; 5.2.7 Multiple Vulnerabilities</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote web server uses a version of PHP that is affected by
multiple flaws.<br><br><b>Description:</b><br>According to its banner, the version of PHP installed on the remote
host is older than 5.2.7.  Such versions may be affected by several
security issues :

  - File truncation can occur when calling 'dba_replace()'
    with an invalid argument.

  - There is a buffer overflow in the bundled PCRE library
    fixed by 7.8. (CVE-2008-2371)

  - A buffer overflow in the 'imageloadfont()' function in
    'ext/gd/gd.c' can be triggered when a specially crafted
    font is given. (CVE-2008-3658)

  - There is a buffer overflow in PHP's internal function
    'memnstr()', which is exposed to userspace as 
    'explode()'. (CVE-2008-3659)

  - When used as a FastCGI module, PHP segfaults when 
    opening a file whose name contains two dots (eg, 
    'file..php'). (CVE-2008-3660)

  - Multiple directory traversal vulnerabilities in 
    functions such as 'posix_access()', 'chdir()', 'ftok()'
    may allow a remote attacker to bypass 'safe_mode' 
    restrictions. (CVE-2008-2665 and CVE-2008-2666).

  - A buffer overflow may be triggered when processing long
    message headers in 'php_imap.c' due to use of an 
    obsolete API call. (CVE-2008-2829)

  - A heap-based buffer overflow may be triggered via
    a call to 'mb_check_encoding()', part of the 'mbstring'
    extension. (CVE-2008-5557)

  - Missing initialization of 'BG(page_uid)' and 
    'BG(page_gid)' when PHP is used as an Apache module 
    may allow for bypassing security restriction due to
    SAPI 'php_getuid()' overloading. (CVE-2008-5624)

  - Incorrect 'php_value' order for Apache configuration
    may allow bypassing PHP's 'safe_mode' setting.
    (CVE-2008-5625)

  - The ZipArchive::extractTo() method in the ZipArchive
    extension fails to filter directory traversal 
    sequences from file names. (CVE-2008-5658)<br><br><b>Risk factor:</b><br>High<br><br><b>CVSS Base Score:</b>7.5<br>CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P<br><br><b>See also:</b><br>http://securityreason.com/achievement_securityalert/57<br><br><b>See also:</b><br>http://securityreason.com/achievement_securityalert/58<br><br><b>See also:</b><br>http://securityreason.com/achievement_securityalert/59<br><br><b>See also:</b><br>http://www.sektioneins.de/advisories/SE-2008-06.txt<br><br><b>See also:</b><br>http://archives.neohapsis.com/archives/fulldisclosure/2008-06/0238.html<br><br><b>See also:</b><br>http://archives.neohapsis.com/archives/fulldisclosure/2008-06/0239.html<br><br><b>See also:</b><br>http://www.openwall.com/lists/oss-security/2008/08/08/2<br><br><b>See also:</b><br>http://www.openwall.com/lists/oss-security/2008/08/13/8<br><br><b>See also:</b><br>http://archives.neohapsis.com/archives/fulldisclosure/2008-11/0433.html<br><br><b>See also:</b><br>http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0089.html<br><br><b>See also:</b><br>http://bugs.php.net/bug.php?id=42862<br><br><b>See also:</b><br>http://bugs.php.net/bug.php?id=45151<br><br><b>See also:</b><br>http://bugs.php.net/bug.php?id=45722<br><br><b>See also:</b><br>http://www.php.net/releases/5_2_7.php<br><br><b>See also:</b><br>http://www.php.net/ChangeLog-5.php#5.2.7<br><br><b>Solution:</b><br>Upgrade to PHP version 5.2.8 or later.

Note that 5.2.7 has been removed from distribution because of a
regression in that version that results in the 'magic_quotes_gpc'
setting remaining off even if it was set to on.<br><br><b>Plugin output:</b><br>
  Version source     : Server: Apache/2.2.9 (Win32) DAV/2 mod_ssl/2.2.9 OpenSSL/0.9.8h mod_autoindex_color PHP/5.2.6
  Installed version  : 5.2.6
  Fixed version      : 5.2.7
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=35043">35043</a><br><br><b>CVE: </b><br>CVE-2008-2371,
 CVE-2008-2665, CVE-2008-2666, CVE-2008-2829, CVE-2008-3658, 
CVE-2008-3659, CVE-2008-3660, CVE-2008-5557, CVE-2008-5624, 
CVE-2008-5625, CVE-2008-5658<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/29796">29796</a>, <a href="http://www.securityfocus.com/bid/29797">29797</a>, <a href="http://www.securityfocus.com/bid/29829">29829</a>, <a href="http://www.securityfocus.com/bid/30087">30087</a>, <a href="http://www.securityfocus.com/bid/30649">30649</a>, <a href="http://www.securityfocus.com/bid/31612">31612</a>, <a href="http://www.securityfocus.com/bid/32383">32383</a>, <a href="http://www.securityfocus.com/bid/32625">32625</a>, <a href="http://www.securityfocus.com/bid/32688">32688</a>, <a href="http://www.securityfocus.com/bid/32948">32948</a><br><br><b>Other references: </b><br>OSVDB:46584,
 OSVDB:46638, OSVDB:46639, OSVDB:46641, OSVDB:46690, OSVDB:47796, 
OSVDB:47797, OSVDB:47798, OSVDB:50480, OSVDB:51477, OSVDB:52205, 
OSVDB:52206, OSVDB:52207, CWE:119</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_med"><td class="plugin_label" align="left">HTTP TRACE / TRACK Methods Allowed</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>Debugging functions are enabled on the remote web server.<br><br><b>Description:</b><br>The remote webserver supports the TRACE and/or TRACK methods.  TRACE
and TRACK are HTTP methods that are used to debug web server
connections.<br><br><b>Risk factor:</b><br>Medium<br><br><b>CVSS Base Score:</b>4.3<br>CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N<br><br><b>See also:</b><br>http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf<br><br><b>See also:</b><br>http://www.apacheweek.com/issues/03-01-24<br><br><b>See also:</b><br>http://www.kb.cert.org/vuls/id/288308<br><br><b>See also:</b><br>http://www.kb.cert.org/vuls/id/867593<br><br><b>See also:</b><br>http://sunsolve.sun.com/search/document.do?assetkey=1-66-200942-1<br><br><b>Solution:</b><br>Disable these methods.  Refer to the plugin output for more information.<br><br><b>Plugin output:</b><br>
To disable these methods, add the following lines for each virtual
host in your configuration file :

    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]

Alternatively, note that Apache versions 1.3.34, 2.0.55, and 2.2
support disabling the TRACE method natively via the 'TraceEnable'
directive.

Nessus sent the following TRACE request : 

------------------------------ snip ------------------------------
TRACE /Nessus1596041005.html HTTP/1.1
Connection: Close
Host: 172.16.10.5
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8

------------------------------ snip ------------------------------

and received the following response from the remote server :

------------------------------ snip ------------------------------
HTTP/1.1 200 OK
Date: Sat, 26 Feb 2011 13:42:57 GMT
Server: Apache/2.2.9 (Win32) DAV/2 mod_ssl/2.2.9 OpenSSL/0.9.8h mod_autoindex_color PHP/5.2.6
Connection: close
Transfer-Encoding: chunked
Content-Type: message/http


TRACE /Nessus1596041005.html HTTP/1.1
Connection: Close
Host: 172.16.10.5
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8

------------------------------ snip ------------------------------
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=11213">11213</a><br><br><b>CVE: </b><br>CVE-2003-1567, CVE-2004-2320, CVE-2010-0386<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/9506">9506</a>, <a href="http://www.securityfocus.com/bid/9561">9561</a>, <a href="http://www.securityfocus.com/bid/11604">11604</a>, <a href="http://www.securityfocus.com/bid/33374">33374</a>, <a href="http://www.securityfocus.com/bid/37995">37995</a><br><br><b>Other references: </b><br>OSVDB:877, OSVDB:3726, OSVDB:5648, OSVDB:50485, CWE:16</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_med"><td class="plugin_label" align="left">Apache 2.x &lt; 2.2.12 Multiple Vulnerabilities</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote web server may be affected by several issues.<br><br><b>Description:</b><br>According to its banner, the version of Apache 2.2 installed on the
remote host is older than 2.2.12.  Such versions may be affected by
several issues, including :

  - A heap buffer underwrite flaw exists in the function
    'apr_strmatch_precompile()' in the bundled copy of the
    APR-util library, which could be triggered when parsing
    configuration data to crash the daemon. (CVE-2009-0023)

  - A flaw in the mod_proxy_ajp module in version 2.2.11
    only may allow a remote attacker to obtain sensitive
    response data intended for a client that sent an
    earlier POST request with no request body. 
    (CVE-2009-1191)

  - The server does not limit the use of directives in a
    .htaccess file as expected based on directives such
    as 'AllowOverride' and 'Options' in the configuration
    file, which could enable a local user to bypass
    security restrictions. (CVE-2009-1195)

  - Failure to properly handle an amount of streamed data
    that exceeds the Content-Length value allows a remote
    attacker to force a proxy process to consume CPU time
    indefinitely when mod_proxy is used in a reverse proxy
    configuration. (CVE-2009-1890)

  - Failure of mod_deflate to stop compressing a file when
    the associated network connection is closed may allow a
    remote attacker to consume large amounts of CPU if
    there is a large (&gt;10 MB) file available that has
    mod_deflate enabled. (CVE-2009-1891)

  - Using a specially crafted XML document with a large
    number of nested entities, a remote attacker may be
    able to consume an excessive amount of memory due to
    a flaw in the bundled expat XML parser used by the
    mod_dav and mod_dav_svn modules. (CVE-2009-1955)

  - There is an off-by-one overflow in the function
    'apr_brigade_vprintf()' in the bundled copy of the
    APR-util library in the way it handles a variable list
    of arguments, which could be leveraged on big-endian 
    platforms to perform information disclosure or denial 
    of service attacks. (CVE-2009-1956)

Note that Nessus has relied solely on the version in the Server
response header and did not try to check for the issues themselves or
even whether the affected modules are in use.<br><br><b>Risk factor:</b><br>Medium<br><br><b>CVSS Base Score:</b>6.4<br>CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P<br><br><b>See also:</b><br>http://www.apache.org/dist/httpd/CHANGES_2.2.12<br><br><b>See also:</b><br>http://httpd.apache.org/security/vulnerabilities_22.html<br><br><b>Solution:</b><br>Either ensure that the affected modules / directives are not in use or
upgrade to Apache version 2.2.12 or later.<br><br><b>Plugin output:</b><br>
  Installed Version : 2.2.9
  Version Source    : Server: Apache/2.2.9
  Fixed Version     : 2.2.12
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=40467">40467</a><br><br><b>CVE: </b><br>CVE-2009-0023, CVE-2009-1191, CVE-2009-1195, CVE-2009-1890, CVE-2009-1891, CVE-2009-1955, CVE-2009-1956<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/34663">34663</a>, <a href="http://www.securityfocus.com/bid/35115">35115</a>, <a href="http://www.securityfocus.com/bid/35221">35221</a>, <a href="http://www.securityfocus.com/bid/35251">35251</a>, <a href="http://www.securityfocus.com/bid/35253">35253</a>, <a href="http://www.securityfocus.com/bid/35565">35565</a>, <a href="http://www.securityfocus.com/bid/35623">35623</a><br><br><b>Other references: </b><br>OSVDB:53921, OSVDB:54733, OSVDB:55057, OSVDB:55058, OSVDB:55059, OSVDB:55553, OSVDB:55782, CWE:119</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_med"><td class="plugin_label" align="left">Apache 2.2 &lt; 2.2.16 Multiple Vulnerabilities</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote web server is affected by multiple vulnerabilities.<br><br><b>Description:</b><br>According to its banner, the version of Apache 2.2 installed on the
remote host is older than 2.2.16.  Such versions are potentially
affected by multiple vulnerabilities :

  - A denial-of-service vulnerability in mod_cache and 
    mod_dav. (CVE-2010-1452)
  
  - An information disclosure vulnerability in mod_proxy_ajp,
    mod_reqtimeout, and mod_proxy_http relating to timeout 
    conditions. Note that this issue only affects Apache on 
    Windows, Netware, and OS/2. (CVE-2010-2068)

Note that the remote web server may not actually be affected by these
vulnerabilities.  Nessus did not try to determine whether the affected
modules are in use or to check for the issues themselves.<br><br><b>Risk factor:</b><br>Medium<br><br><b>CVSS Base Score:</b>4.3<br>CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N<br><br><b>See also:</b><br>http://httpd.apache.org/security/vulnerabilities_22.html<br><br><b>See also:</b><br>https://issues.apache.org/bugzilla/show_bug.cgi?id=49246<br><br><b>See also:</b><br>https://issues.apache.org/bugzilla/show_bug.cgi?id=49417<br><br><b>See also:</b><br>http://www.apache.org/dist/httpd/CHANGES_2.2.16<br><br><b>Solution:</b><br>Upgrade to Apache version 2.2.16 or later.<br><br><b>Plugin output:</b><br>
  Installed Version : 2.2.9
  Version Source    : Server: Apache/2.2.9
  Fixed Version     : 2.2.16
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=48205">48205</a><br><br><b>CVE: </b><br>CVE-2010-1452, CVE-2010-2068<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/40827">40827</a>, <a href="http://www.securityfocus.com/bid/41963">41963</a><br><br><b>Other references: </b><br>OSVDB:65654, OSVDB:66745, Secunia:40206</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_med"><td class="plugin_label" align="left">Apache 2.2 &lt; 2.2.17 Multiple Vulnerabilities</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote web server may be affected by several issues.<br><br><b>Description:</b><br>According to its banner, the version of Apache 2.2 installed on the
remote host is older than 2.2.17.  Such versions may be affected by
several issues, including :

  - Errors exist in the bundled expat library that may allow
    an attacker to crash the server when a buffer is over-
    read when parsing an XML document. (CVE-2009-3720 and
    CVE-2009-3560)

  - An error exists in the 'apr_brigade_split_line' 
    function in the bundled APR-util library. Carefully
    timed bytes in requests result in gradual memory
    increases leading to a denial of service. 
    (CVE-2010-1623)
 
Note that the remote web server may not actually be affected by these
vulnerabilities.  Nessus did not try to determine whether the affected
modules are in use or to check for the issues themselves.<br><br><b>Risk factor:</b><br>Medium<br><br><b>CVSS Base Score:</b>5.0<br>CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P<br><br><b>See also:</b><br>http://www.apache.org/dist/httpd/CHANGES_2.2.17<br><br><b>See also:</b><br>http://httpd.apache.org/security/vulnerabilities_22.html<br><br><b>Solution:</b><br>Either ensure that the affected modules are not in use or upgrade to
Apache version 2.2.17 or later.<br><br><b>Plugin output:</b><br>
  Version source    : Server: Apache/2.2.9
  Installed version : 2.2.9
  Fixed version     : 2.2.17
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=50070">50070</a><br><br><b>CVE: </b><br>CVE-2009-3560, CVE-2009-3720, CVE-2010-1623<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/37203">37203</a>, <a href="http://www.securityfocus.com/bid/36097">36097</a>, <a href="http://www.securityfocus.com/bid/43673">43673</a><br><br><b>Other references: </b><br>OSVDB:59737, OSVDB:60797, OSVDB:68327, Secunia:41701, CWE:119</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_med"><td class="plugin_label" align="left">PHP &lt; 5.2.9 Multiple Vulnerabilities</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote web server uses a version of PHP that is affected by
multiple flaws.<br><br><b>Description:</b><br>According to its banner, the version of PHP installed on the remote
host is older than 5.2.9.  Such versions may be affected by several
security issues :

  - Background color is not correctly validated with a non true
    color image in function 'imagerotate()'. (CVE-2008-5498)

  - A denial of service condition can be triggered by trying to 
    extract zip files that contain files with relative paths 
    in file or directory names.

  - Function 'explode()' is affected by an unspecified 
    vulnerability.

  - It may be possible to trigger a segfault by passing a 
    specially crafted string to function 'json_decode()'.

  - Function 'xml_error_string()' is affected by a flaw
    which results in messages being off by one.<br><br><b>Risk factor:</b><br>Medium<br><br><b>CVSS Base Score:</b>5.0<br>CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P<br><br><b>See also:</b><br>http://news.php.net/php.internals/42762<br><br><b>See also:</b><br>http://www.php.net/releases/5_2_9.php<br><br><b>See also:</b><br>http://www.php.net/ChangeLog-5.php#5.2.9<br><br><b>Solution:</b><br>Upgrade to PHP version 5.2.9 or later.<br><br><b>Plugin output:</b><br>
  Version source     : Server: Apache/2.2.9 (Win32) DAV/2 mod_ssl/2.2.9 OpenSSL/0.9.8h mod_autoindex_color PHP/5.2.6
  Installed version  : 5.2.6
  Fixed version      : 5.2.9
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=35750">35750</a><br><br><b>CVE: </b><br>CVE-2008-5498<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/33002">33002</a>, <a href="http://www.securityfocus.com/bid/33927">33927</a><br><br><b>Other references: </b><br>OSVDB:51031, Secunia:34081, CWE:200</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_med"><td class="plugin_label" align="left">PHP &lt; 5.3.2 / 5.2.13 Multiple Vulnerabilities</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote web server uses a version of PHP that is affected by
multiple flaws.<br><br><b>Description:</b><br>According to its banner, the version of PHP installed on the remote
host is older than 5.3.2 / 5.2.13.  Such versions may be affected by
several security issues :

  - Directory paths not ending with '/' may not be
    correctly validated inside 'tempnam()' in 
    'safe_mode' configuration.

  - It may be possible to bypass the 'open_basedir'/ 
    'safe_mode' configuration restrictions due to an
    error in session extensions.

  - An unspecified vulnerability affects the LCG entropy.<br><br><b>Risk factor:</b><br>Medium<br><br><b>CVSS Base Score:</b>6.4<br>CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N<br><br><b>See also:</b><br>http://securityreason.com/achievement_securityalert/82<br><br><b>See also:</b><br>http://securityreason.com/securityalert/7008<br><br><b>See also:</b><br>http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0209.html<br><br><b>See also:</b><br>http://www.php.net/releases/5_3_2.php<br><br><b>See also:</b><br>http://www.php.net/ChangeLog-5.php#5.3.2<br><br><b>See also:</b><br>http://www.php.net/releases/5_2_13.php<br><br><b>See also:</b><br>http://www.php.net/ChangeLog-5.php#5.2.13<br><br><b>Solution:</b><br>Upgrade to PHP version 5.3.2 / 5.2.13 or later.<br><br><b>Plugin output:</b><br>
  Version source     : Server: Apache/2.2.9 (Win32) DAV/2 mod_ssl/2.2.9 OpenSSL/0.9.8h mod_autoindex_color PHP/5.2.6
  Installed version  : 5.2.6
  Fixed version      : 5.3.2 / 5.2.13
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=44921">44921</a><br><br><b>CVE: </b><br>CVE-2010-1128, CVE-2010-1129, CVE-2010-1130<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/38182">38182</a>, <a href="http://www.securityfocus.com/bid/38430">38430</a>, <a href="http://www.securityfocus.com/bid/38431">38431</a><br><br><b>Other references: </b><br>OSVDB:62582, OSVDB:62583, OSVDB:63323, Secunia:38708</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_med"><td class="plugin_label" align="left">PHP &lt; 5.2.12 Multiple Vulnerabilities</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote web server uses a version of PHP that is affected by
multiple flaws.<br><br><b>Description:</b><br>According to its banner, the version of PHP installed on the remote
host is older than 5.2.12.  Such versions may be affected by several
security issues :

  - It is possible to bypass the 'safe_mode' configuration
    setting using 'tempnam()'. (CVE-2009-3557)

  - It is possible to bypass the 'open_basedir' 
    configuration setting using 'posix_mkfifo()'. 
    (CVE-2009-3558)

  - Provided file uploading is enabled (it is by default),
    an attacker can upload files using a POST request with
    'multipart/form-data' content even if the target script
    doesn't actually support file uploads per se.  By 
    supplying a large number (15,000+) of files, he may be
    able to cause the web server to stop responding while
    it processes the file list. (CVE-2009-4017)

  - Missing protection for '$_SESSION' from interrupt
    corruption and improved 'session.save_path' check.
    (CVE-2009-4143)

  - Insufficient input string validation in the 
    'htmlspecialchars()' function. (CVE-2009-4142)<br><br><b>Risk factor:</b><br>Medium<br><br><b>CVSS Base Score:</b>6.8<br>CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P<br><br><b>See also:</b><br>http://www.nessus.org/u?57f2d08f<br><br><b>See also:</b><br>http://www.php.net/releases/5_2_12.php<br><br><b>See also:</b><br>http://www.php.net/ChangeLog-5.php#5.2.12<br><br><b>Solution:</b><br>Upgrade to PHP version 5.2.12 or later.<br><br><b>Plugin output:</b><br>
  Version source     : Server: Apache/2.2.9 (Win32) DAV/2 mod_ssl/2.2.9 OpenSSL/0.9.8h mod_autoindex_color PHP/5.2.6
  Installed version  : 5.2.6
  Fixed version      : 5.2.12
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=43351">43351</a><br><br><b>CVE: </b><br>CVE-2009-3557, CVE-2009-3558, CVE-2009-4017, CVE-2009-4142, CVE-2009-4143<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/37389">37389</a>, <a href="http://www.securityfocus.com/bid/37390">37390</a><br><br><b>Other references: </b><br>OSVDB:60434, OSVDB:60435, OSVDB:60451, OSVDB:61208, OSVDB:61209, Secunia:37821, CWE:264</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_med"><td class="plugin_label" align="left">PHP &lt; 5.2.11 Multiple Vulnerabilities</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote web server uses a version of PHP that is affected by
multiple flaws.<br><br><b>Description:</b><br>According to its banner, the version of PHP installed on the remote
host is older than 5.2.11.  Such versions may be affected by several
security issues :

  - An unspecified error occurs in certificate validation
    inside 'php_openssl_apply_verification_policy'.

  - An unspecified input validation vulnerability affects
    the color index in 'imagecolortransparent()'.

  - An unspecified input validation vulnerability affects
    exif processing.

  - Calling 'popen()' with an invalid mode can cause a
    crash under Windows. (Bug #44683)

  - An integer overflow in 'xml_utf8_decode()' can make it
    easier to bypass cross-site scripting and SQL injection 
    protection mechanisms using a specially crafted string 
    with a long UTF-8 encoding. (Bug #49687)<br><br><b>Risk factor:</b><br>Medium<br><br><b>CVSS Base Score:</b>5.0<br>CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P<br><br><b>See also:</b><br>http://www.php.net/releases/5_2_11.php<br><br><b>See also:</b><br>http://news.php.net/php.internals/45597<br><br><b>See also:</b><br>http://www.php.net/ChangeLog-5.php#5.2.11<br><br><b>Solution:</b><br>Upgrade to PHP version 5.2.11 or later.<br><br><b>Plugin output:</b><br>
  Version source     : Server: Apache/2.2.9 (Win32) DAV/2 mod_ssl/2.2.9 OpenSSL/0.9.8h mod_autoindex_color PHP/5.2.6
  Installed version  : 5.2.6
  Fixed version      : 5.2.11
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=41014">41014</a><br><br><b>CVE: </b><br>CVE-2009-3291, CVE-2009-3292, CVE-2009-3293, CVE-2009-3294, CVE-2009-5016<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/36449">36449</a>, <a href="http://www.securityfocus.com/bid/44889">44889</a><br><br><b>Other references: </b><br>OSVDB:58185, OSVDB:58186, OSVDB:58187, OSVDB:58188, OSVDB:69227, Secunia:36791, CWE:20</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_med"><td class="plugin_label" align="left">PHP &lt; 5.2.10 Multiple Vulnerabilities</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote web server uses a version of PHP that is affected by
multiple vulnerabilities.<br><br><b>Description:</b><br>According to its banner, the version of PHP installed on the remote
host is older than 5.2.10.  Such versions are reportedly affected by
multiple vulnerabilities :

  - Sufficient checks are not performed on fields reserved 
    for offsets in function 'exif_read_data()'. Successful 
    exploitation of this issue could result in a denial of 
    service condition. (bug 48378)

  - Provided 'safe_mode_exec_dir' is not set (not set by
    default), it may be possible to bypass 'safe_mode' 
    restrictions by preceding a backslash in functions 
    such as 'exec()', 'system()', 'shell_exec()', 
    'passthru()' and 'popen()' on a system running PHP 
    on Windows. (bug 45997)<br><br><b>Risk factor:</b><br>Medium<br><br><b>CVSS Base Score:</b>5.1<br>CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P<br><br><b>See also:</b><br>http://bugs.php.net/bug.php?id=45997<br><br><b>See also:</b><br>http://bugs.php.net/bug.php?id=48378<br><br><b>See also:</b><br>http://www.php.net/releases/5_2_10.php<br><br><b>See also:</b><br>http://www.php.net/ChangeLog-5.php#5.2.10<br><br><b>Solution:</b><br>Upgrade to PHP version 5.2.10 or later.<br><br><b>Plugin output:</b><br>
  Version source     : Server: Apache/2.2.9 (Win32) DAV/2 mod_ssl/2.2.9 OpenSSL/0.9.8h mod_autoindex_color PHP/5.2.6
  Installed version  : 5.2.6
  Fixed version      : 5.2.10
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=39480">39480</a><br><br><b>CVE: </b><br>CVE-2009-2687<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/35440">35440</a>, <a href="http://www.securityfocus.com/bid/35435">35435</a><br><br><b>Other references: </b><br>OSVDB:55222, OSVDB:55223, OSVDB:55224, Secunia:35441, CWE:20</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_med"><td class="plugin_label" align="left">OpenSSL SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG Ciphersuite Disabled Cipher Issue</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote host allows resuming SSL sessions.<br><br><b>Description:</b><br>The version of OpenSSL on the remote host has been shown to allow the
use of disabled ciphers when resuming a session.  This means that an
attacker that sees (e.g.  by sniffing) the start of an SSL connection
can manipulate the OpenSSL session cache to cause subsequent resumes
of that session to use a disabled cipher chosen by the attacker.<br><br><b>Risk factor:</b><br>Medium<br><br><b>CVSS Base Score:</b>4.3<br>CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N<br><br><b>Solution:</b><br>Upgrade to OpenSSL 0.9.8j or later.<br><br><b>Plugin output:</b><br>
  Session ID     : 5f3ce49461a5cd4666cd6f6b054a33c14563c7718361d9c6c489595fa3cd44ca
  Initial Cipher : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
  Resumed Cipher : TLS1_CK_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA (0x0011)
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=51893">51893</a><br><br><b>CVE: </b><br>CVE-2008-7270<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/45254">45254</a><br><br><b>Other references: </b><br>OSVDB:69655</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_med"><td class="plugin_label" align="left">OpenSSL SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG Ciphersuite Change Issue</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote host allows resuming SSL sessions.<br><br><b>Description:</b><br>The version of OpenSSL on the remote host has been shown to allow
resuming a session with a different cipher than was used when the
session was initiated.  This means that an attacker that sees (e.g. 
by sniffing) the start of an SSL connection can manipulate the OpenSSL
session cache to cause subsequent resumes of that session to use a
cipher chosen by the attacker.<br><br><b>Risk factor:</b><br>Medium<br><br><b>CVSS Base Score:</b>4.3<br>CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N<br><br><b>See also:</b><br>http://openssl.org/news/secadv_20101202.txt<br><br><b>Solution:</b><br>Upgrade to OpenSSL 0.9.8q / 1.0.0.c or later.<br><br><b>Plugin output:</b><br>
  Session ID     : 4ce990bc873242fa8c89ed1ffcd983d38abf4736dbbcf0342b02439896394080
  Initial Cipher : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
  Resumed Cipher : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=51892">51892</a><br><br><b>CVE: </b><br>CVE-2010-4180<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/45164">45164</a><br><br><b>Other references: </b><br>OSVDB:69565</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_med"><td class="plugin_label" align="left">SSL Medium Strength Cipher Suites Supported</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote service supports the use of medium strength SSL ciphers.<br><br><b>Description:</b><br>The remote host supports the use of SSL ciphers that offer medium
strength encryption, which we currently regard as those with key 
lengths at least 56 bits and less than 112 bits.

Note: This is considerably easier to exploit if the attacker is on the
same physical network.<br><br><b>Risk factor:</b><br>Medium<br><br><b>CVSS Base Score:</b>4.3<br>CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N<br><br><b>Solution:</b><br>Reconfigure the affected application if possible to avoid use of
medium strength ciphers.<br><br><b>Plugin output:</b><br>
Here are the medium strength SSL ciphers supported by the remote server :

  Medium Strength Ciphers (&gt;= 56-bit and &lt; 112-bit key)
    SSLv2
      DES-CBC-MD5                Kx=RSA        Au=RSA     Enc=DES(56)      Mac=MD5    
    SSLv3
      EDH-RSA-DES-CBC-SHA        Kx=DH         Au=RSA     Enc=DES(56)      Mac=SHA1   
      DES-CBC-SHA                Kx=RSA        Au=RSA     Enc=DES(56)      Mac=SHA1   
    TLSv1
      EDH-RSA-DES-CBC-SHA        Kx=DH         Au=RSA     Enc=DES(56)      Mac=SHA1   
      DES-CBC-SHA                Kx=RSA        Au=RSA     Enc=DES(56)      Mac=SHA1   

The fields above are :

  {OpenSSL ciphername}
  Kx={key exchange}
  Au={authentication}
  Enc={symmetric encryption method}
  Mac={message authentication code}
  {export flag}
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=42873">42873</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_med"><td class="plugin_label" align="left">SSL Weak Cipher Suites Supported</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote service supports the use of weak SSL ciphers.<br><br><b>Description:</b><br>The remote host supports the use of SSL ciphers that offer either weak
encryption or no encryption at all.

Note: This is considerably easier to exploit if the attacker is on the
same physical network.<br><br><b>Risk factor:</b><br>Medium<br><br><b>CVSS Base Score:</b>4.3<br>CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N<br><br><b>See also:</b><br>http://www.openssl.org/docs/apps/ciphers.html<br><br><b>Solution:</b><br>Reconfigure the affected application if possible to avoid use of weak
ciphers.<br><br><b>Plugin output:</b><br>Here is the list of weak SSL ciphers supported by the remote server :

  Low Strength Ciphers (&lt; 56-bit key)
    SSLv2
      EXP-RC2-CBC-MD5            Kx=RSA(512)   Au=RSA     Enc=RC2(40)      Mac=MD5    export     
      EXP-RC4-MD5                Kx=RSA(512)   Au=RSA     Enc=RC4(40)      Mac=MD5    export     
    SSLv3
      EXP-EDH-RSA-DES-CBC-SHA    Kx=DH(512)    Au=RSA     Enc=DES(40)      Mac=SHA1   export     
      EXP-DES-CBC-SHA            Kx=RSA(512)   Au=RSA     Enc=DES(40)      Mac=SHA1   export     
      EXP-RC2-CBC-MD5            Kx=RSA(512)   Au=RSA     Enc=RC2(40)      Mac=MD5    export     
      EXP-RC4-MD5                Kx=RSA(512)   Au=RSA     Enc=RC4(40)      Mac=MD5    export     
    TLSv1
      EXP-EDH-RSA-DES-CBC-SHA    Kx=DH(512)    Au=RSA     Enc=DES(40)      Mac=SHA1   export     
      EXP-DES-CBC-SHA            Kx=RSA(512)   Au=RSA     Enc=DES(40)      Mac=SHA1   export     
      EXP-RC2-CBC-MD5            Kx=RSA(512)   Au=RSA     Enc=RC2(40)      Mac=MD5    export     
      EXP-RC4-MD5                Kx=RSA(512)   Au=RSA     Enc=RC4(40)      Mac=MD5    export     

The fields above are :

  {OpenSSL ciphername}
  Kx={key exchange}
  Au={authentication}
  Enc={symmetric encryption method}
  Mac={message authentication code}
  {export flag}
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=26928">26928</a><br><br><b>Other references: </b><br>CWE:327, CWE:326, CWE:753, CWE:803, CWE:720</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_med"><td class="plugin_label" align="left">SSL Certificate signed with an unknown Certificate Authority</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The SSL certificate for this service is signed by an unknown
certificate authority.<br><br><b>Description:</b><br>The X.509 certificate of the remote host is not signed by a known
public certificate authority.  If the remote host is a public host in
production, this nullifies the use of SSL as anyone could establish a
man in the middle attack against the remote host.<br><br><b>Risk factor:</b><br>Medium<br><br><b>CVSS Base Score:</b>6.4<br>CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N<br><br><b>Solution:</b><br>Purchase or generate a proper certificate for this service.<br><br><b>Plugin output:</b><br>*** ERROR: Unknown root CA in the chain:
Organization: Apache Friends
Organization Unit: XAMPP for Windows
Common Name: localhost



Certificate chain:
|-Organization: Apache Friends
|-Organization Unit: XAMPP for Windows
|-Common Name: localhost
|
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=51192">51192</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_med"><td class="plugin_label" align="left">SSL Certificate Expiry</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote server's SSL certificate has already expired.<br><br><b>Description:</b><br>This script checks expiry dates of certificates associated with SSL-enabled
services on the target and reports whether any have already
expired.<br><br><b>Risk factor:</b><br>Medium<br><br><b>CVSS Base Score:</b>5.0<br>CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N<br><br><b>Solution:</b><br>Purchase or generate a new SSL certificate to replace the existing
one.<br><br><b>Plugin output:</b><br>
The SSL certificate of the remote service expired Dec  4 15:11:04 2006 GMT!<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=15901">15901</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">Web Server robots.txt Information Disclosure</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote web server contains a 'robots.txt' file.<br><br><b>Description:</b><br>The remote host contains a file named 'robots.txt' that is intended to
prevent web 'robots' from visiting certain directories in a web site for
maintenance or indexing purposes.  A malicious user may also be able to
use the contents of this file to learn of sensitive documents or
directories on the affected site and either retrieve them directly or
target them for other attacks.<br><br><b>Risk factor:</b><br>None<br><br><b>See also:</b><br>http://www.robotstxt.org/wc/exclusion.html<br><br><b>Solution:</b><br>Review the contents of the site's robots.txt file, use Robots META tags
instead of entries in the robots.txt file, and/or adjust the web
server's access controls to limit access to sensitive material.<br><br><b>Plugin output:</b><br>Contents of robots.txt :

User-agent: *
Disallow: /administrator/
Disallow: /cache/
Disallow: /components/
Disallow: /images/
Disallow: /includes/
Disallow: /installation/
Disallow: /language/
Disallow: /libraries/
Disallow: /media/
Disallow: /modules/
Disallow: /plugins/
Disallow: /templates/
Disallow: /tmp/
Disallow: /xmlrpc/
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=10302">10302</a><br><br><b>Other references: </b><br>OSVDB:238</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">WebDAV Detection</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote server is running with WebDAV enabled.<br><br><b>Description:</b><br>WebDAV is an industry standard extension to the HTTP specification.
It adds a capability for authorized users to remotely add and manage
the content of a web server.

If you do not use this extension, you should disable it.<br><br><b>Risk factor:</b><br>None<br><br><b>Solution:</b><br>http://support.microsoft.com/default.aspx?kbid=241520<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=11424">11424</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">PHP 5.2 &lt; 5.2.17 / 5.3 &lt; 5.3.5 String To Double Conversion DoS</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote web server uses a version of PHP that is affected by
a denial of service vulnerability.<br><br><b>Description:</b><br>According to its banner, the version of PHP 5.x installed on the
remote host is older than 5.2.17 or 5.3.5. 

Such versions may experience a crash while performing string to double
conversion for certain numeric values.  Only x86 32-bit PHP processes
are known to be affected by this issue regardless of whether the
system running PHP is 32-bit or 64-bit.<br><br><b>Risk factor:</b><br>Low<br><br><b>CVSS Base Score:</b>2.6<br>CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P<br><br><b>See also:</b><br>http://bugs.php.net/bug.php?id=53632<br><br><b>See also:</b><br>http://www.php.net/distributions/test_bug53632.txt<br><br><b>See also:</b><br>http://www.php.net/releases/5_2_17.php<br><br><b>See also:</b><br>http://www.php.net/releases/5_3_5.php<br><br><b>Solution:</b><br>Upgrade to PHP 5.2.17/5.3.5 or later.<br><br><b>Plugin output:</b><br>
  Version source     : Server: Apache/2.2.9 (Win32) DAV/2 mod_ssl/2.2.9 OpenSSL/0.9.8h mod_autoindex_color PHP/5.2.6
  Installed version  : 5.2.6
  Fixed version      : 5.2.17/5.3.5
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=51439">51439</a><br><br><b>CVE: </b><br>CVE-2010-4645<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/45668">45668</a><br><br><b>Other references: </b><br>OSVDB:70370</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">HyperText Transfer Protocol (HTTP) Information</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>Some information about the remote HTTP configuration can be extracted.<br><br><b>Description:</b><br>This test gives some information about the remote HTTP protocol - the
version used, whether HTTP Keep-Alive and HTTP pipelining are enabled,
etc... 

This test is informational only and does not denote any security
problem.<br><br><b>Risk factor:</b><br>None<br><br><b>Solution:</b><br>n/a<br><br><b>Plugin output:</b><br>
Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

  Date: Sat, 26 Feb 2011 13:42:38 GMT
  Server: Apache/2.2.9 (Win32) DAV/2 mod_ssl/2.2.9 OpenSSL/0.9.8h mod_autoindex_color PHP/5.2.6
  X-Powered-By: PHP/5.2.6
  P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
  Expires: Mon, 1 Jan 2001 00:00:00 GMT
  Last-Modified: Sat, 26 Feb 2011 13:42:39 GMT
  Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
  Pragma: no-cache
  Content-Length: 4000
  Connection: close
  Content-Type: text/html; charset=utf-8
  
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=24260">24260</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">HTTP Server Type and Version</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>A web server is running on the remote host.<br><br><b>Description:</b><br>This plugin attempts to determine the type and the version of the
remote web server.<br><br><b>Risk factor:</b><br>None<br><br><b>Solution:</b><br>n/a<br><br><b>Plugin output:</b><br>The remote web server type is :

Apache/2.2.9 (Win32) DAV/2 mod_ssl/2.2.9 OpenSSL/0.9.8h mod_autoindex_color PHP/5.2.6

Solution : You can set the directive 'ServerTokens Prod' to limit
the information emanating from the server in its response headers.<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=10107">10107</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote service allows renegotiation of TLS / SSL connections.<br><br><b>Description:</b><br>The remote service encrypts traffic using TLS / SSL but allows a
client to renegotiate the connection after the initial handshake.  An
unauthenticated remote attacker may be able to leverage this issue to 
inject an arbitrary amount of plaintext into the beginning of the
application protocol stream, which could facilitate man-in-the-middle
attacks if the service assumes that the sessions before and after
renegotiation are from the same 'client' and merges them at the 
application layer.<br><br><b>Risk factor:</b><br>Low<br><br><b>CVSS Base Score:</b>2.6<br>CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N<br><br><b>See also:</b><br>http://extendedsubset.com/?p=8<br><br><b>See also:</b><br>http://www.ietf.org/mail-archive/web/tls/current/msg03948.html<br><br><b>See also:</b><br>http://www.kb.cert.org/vuls/id/120541<br><br><b>See also:</b><br>http://www.g-sec.lu/practicaltls.pdf<br><br><b>See also:</b><br>http://tools.ietf.org/html/rfc5746<br><br><b>Solution:</b><br>Contact the vendor for specific patch information.<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=42880">42880</a><br><br><b>CVE: </b><br>CVE-2009-3555<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/36935">36935</a><br><br><b>Other references: </b><br>OSVDB:59968,
OSVDB:59969, OSVDB:59970, OSVDB:59971, OSVDB:59972, OSVDB:59973, OSVDB:59974, OSVDB:60521, OSVDB:61234, OSVDB:61718, OSVDB:62210, OSVDB:62536, CWE:310</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">SSL Cipher Suites Supported</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote service encrypts communications using SSL.<br><br><b>Description:</b><br>This script detects which SSL ciphers are supported by the remote
service for encrypting communications.<br><br><b>Risk factor:</b><br>None<br><br><b>See also:</b><br>http://www.openssl.org/docs/apps/ciphers.html<br><br><b>Solution:</b><br>n/a<br><br><b>Plugin output:</b><br>
Here is the list of SSL ciphers supported by the remote server :

  Low Strength Ciphers (&lt; 56-bit key)
    SSLv2
      EXP-RC2-CBC-MD5            Kx=RSA(512)   Au=RSA     Enc=RC2(40)        Mac=MD5    export     
      EXP-RC4-MD5                Kx=RSA(512)   Au=RSA     Enc=RC4(40)        Mac=MD5    export     
    SSLv3
      EXP-EDH-RSA-DES-CBC-SHA    Kx=DH(512)    Au=RSA     Enc=DES(40)        Mac=SHA1   export     
      EXP-DES-CBC-SHA            Kx=RSA(512)   Au=RSA     Enc=DES(40)        Mac=SHA1   export     
      EXP-RC2-CBC-MD5            Kx=RSA(512)   Au=RSA     Enc=RC2(40)        Mac=MD5    export     
      EXP-RC4-MD5                Kx=RSA(512)   Au=RSA     Enc=RC4(40)        Mac=MD5    export     
    TLSv1
      EXP-EDH-RSA-DES-CBC-SHA    Kx=DH(512)    Au=RSA     Enc=DES(40)        Mac=SHA1   export     
      EXP-DES-CBC-SHA            Kx=RSA(512)   Au=RSA     Enc=DES(40)        Mac=SHA1   export     
      EXP-RC2-CBC-MD5            Kx=RSA(512)   Au=RSA     Enc=RC2(40)        Mac=MD5    export     
      EXP-RC4-MD5                Kx=RSA(512)   Au=RSA     Enc=RC4(40)        Mac=MD5    export     

  Medium Strength Ciphers (&gt;= 56-bit and &lt; 112-bit key)
    SSLv2
      DES-CBC-MD5                Kx=RSA        Au=RSA     Enc=DES(56)        Mac=MD5    
    SSLv3
      EDH-RSA-DES-CBC-SHA        Kx=DH         Au=RSA     Enc=DES(56)        Mac=SHA1   
      DES-CBC-SHA                Kx=RSA        Au=RSA     Enc=DES(56)        Mac=SHA1   
    TLSv1
      EDH-RSA-DES-CBC-SHA        Kx=DH         Au=RSA     Enc=DES(56)        Mac=SHA1   
      DES-CBC-SHA                Kx=RSA        Au=RSA     Enc=DES(56)        Mac=SHA1   

  High Strength Ciphers (&gt;= 112-bit key)
    SSLv2
      DES-CBC3-MD5               Kx=RSA        Au=RSA     Enc=3DES(168)      Mac=MD5    
      IDEA-CBC-MD5               Kx=RSA        Au=RSA     Enc=IDEA(128)      Mac=MD5    
      RC2-CBC-MD5                Kx=RSA        Au=RSA     Enc=RC2(128)       Mac=MD5    
      RC4-MD5                    Kx=RSA        Au=RSA     Enc=RC4(128)       Mac=MD5    
    SSLv3
      EDH-RSA-DES-CBC3-SHA       Kx=DH         Au=RSA     Enc=3DES(168)      Mac=SHA1   
      DES-CBC3-SHA               Kx=RSA        Au=RSA     Enc=3DES(168)      Mac=SHA1   
      IDEA-CBC-SHA               Kx=RSA        Au=RSA     Enc=IDEA(128)      Mac=SHA1   
      RC4-MD5                    Kx=RSA        Au=RSA     Enc=RC4(128)       Mac=MD5    
      RC4-SHA                    Kx=RSA        Au=RSA     Enc=RC4(128)       Mac=SHA1   
    TLSv1
      EDH-RSA-DES-CBC3-SHA       Kx=DH         Au=RSA     Enc=3DES(168)      Mac=SHA1   
      DHE-RSA-AES128-SHA         Kx=DH         Au=RSA     Enc=AES(128)       Mac=SHA1   
      DHE-RSA-AES256-SHA         Kx=DH         Au=RSA     Enc=AES(256)       Mac=SHA1   
      DES-CBC3-SHA               Kx=RSA        Au=RSA     Enc=3DES(168)      Mac=SHA1   
      AES128-SHA                 Kx=RSA        Au=RSA     Enc=AES(128)       Mac=SHA1   
      AES256-SHA                 Kx=RSA        Au=RSA     Enc=AES(256)       Mac=SHA1   
      IDEA-CBC-SHA               Kx=RSA        Au=RSA     Enc=IDEA(128)      Mac=SHA1   
      RC4-MD5                    Kx=RSA        Au=RSA     Enc=RC4(128)       Mac=MD5    
      RC4-SHA                    Kx=RSA        Au=RSA     Enc=RC4(128)       Mac=SHA1   

The fields above are :

  {OpenSSL ciphername}
  Kx={key exchange}
  Au={authentication}
  Enc={symmetric encryption method}
  Mac={message authentication code}
  {export flag}
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=21643">21643</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">SSL Session Resume Supported</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote host allows resuming SSL sessions.<br><br><b>Description:</b><br>This script detects whether a host allows resuming SSL sessions by
performing a full SSL handshake to receive a session ID, and then
reconnecting with the previously used session ID.  If the server
accepts the session ID in the second connection, the server maintains
a cache of sessions that can be resumed.<br><br><b>Risk factor:</b><br>None<br><br><b>Solution:</b><br>n/a<br><br><b>Plugin output:</b><br>
 This port supports resuming SSLv3/TLSv1 sessions.
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=51891">51891</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">SSL Certificate Information</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>This plugin displays the SSL certificate.<br><br><b>Description:</b><br>This plugin connects to every SSL-related port and attempts to 
extract and dump the X.509 certificate.<br><br><b>Risk factor:</b><br>None<br><br><b>Solution:</b><br>n/a<br><br><b>Plugin output:</b><br>Subject Name: 

Organization: Apache Friends
Organization Unit: XAMPP for Windows
Common Name: localhost

Issuer Name: 

Organization: Apache Friends
Organization Unit: XAMPP for Windows
Common Name: localhost

Serial Number: 00 8F A9 82 59 12 3A 1B E8 

Version: 1

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Dec 04 15:11:04 2005 GMT
Not Valid After: Dec 04 15:11:04 2006 GMT

Public Key Info: 

Algorithm: RSA Encryption
Exponent: 01 00 01 

<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=10863">10863</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">Service Detection</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote service could be identified.<br><br><b>Description:</b><br>It was possible to identify the remote service by its banner or by looking
at the error message it sends when it receives an HTTP request.<br><br><b>Risk factor:</b><br>None<br><br><b>Solution:</b><br>n/a<br><br><b>Plugin output:</b><br>A web server is running on this port through TLSv1.<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=22964">22964</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">Service Detection</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote service could be identified.<br><br><b>Description:</b><br>It was possible to identify the remote service by its banner or by looking
at the error message it sends when it receives an HTTP request.<br><br><b>Risk factor:</b><br>None<br><br><b>Solution:</b><br>n/a<br><br><b>Plugin output:</b><br>A TLSv1 server answered on this port.
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=22964">22964</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
</div>
			<br><a name="172.16.10.5_cifs(445/cifs)"></a><table width="70%" align="center" border="0" cellpadding="2" cellspacing="0"><tbody><tr class="port_header" onclick='toggle("172.16.10.5_cifs_445")' onmouseover="this.style.cursor='pointer'" title="Collapse/Expand">
<td class="port_header_label" align="left">Port cifs (445/tcp)</td>
<td class="toggle" align="right">[-/+]</td>
</tr></tbody></table>
<div id="172.16.10.5_cifs_445" class="divider">
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_high"><td class="plugin_label" align="left">MS05-027: Vulnerability in SMB Could Allow Remote Code Execution (896422) (uncredentialed check)</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>Arbitrary code can be executed on the remote host due to a flaw in the
SMB implementation.<br><br><b>Description:</b><br>The remote version of Windows contains a flaw in the Server Message
Block (SMB) implementation that may allow an attacker to execute
arbitrary code on the remote host. 

An attacker does not need to be authenticated to exploit this flaw.<br><br><b>Risk factor:</b><br>Critical<br><br><b>CVSS Base Score:</b>10.0<br>CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C<br><br><b>Solution:</b><br>Microsoft has released a set of patches for Windows 2000, XP and
2003 :

http://www.microsoft.com/technet/security/bulletin/ms05-027.mspx<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=18502">18502</a><br><br><b>CVE: </b><br>CVE-2005-1206<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/13942">13942</a><br><br><b>Other references: </b><br>IAVA:2005-t-0019, OSVDB:17308, MSFT:MS05-027</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_high"><td class="plugin_label" align="left">MS06-035: Vulnerability in Server Service Could Allow Remote Code Execution (917159) (uncredentialed check)</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>Arbitrary code can be executed on the remote host due to a flaw in the
'Server' service.<br><br><b>Description:</b><br>The remote host is vulnerable to a heap overflow in the 'Server' service
that may allow an attacker to execute arbitrary code on the remote
host with 'SYSTEM' privileges. 

In addition to this, the remote host is also affected by an
information disclosure vulnerability in SMB that may allow an attacker
to obtain portions of the memory of the remote host.<br><br><b>Risk factor:</b><br>High<br><br><b>CVSS Base Score:</b>7.5<br>CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P<br><br><b>Solution:</b><br>Microsoft has released a set of patches for Windows 2000, XP and
2003 :

http://www.microsoft.com/technet/security/bulletin/ms06-035.mspx<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=22034">22034</a><br><br><b>CVE: </b><br>CVE-2006-1314, CVE-2006-1315<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/18863">18863</a>, <a href="http://www.securityfocus.com/bid/18891">18891</a><br><br><b>Other references: </b><br>OSVDB:27154, OSVDB:27155, MSFT:MS06-035</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_high"><td class="plugin_label" align="left">MS09-001: Microsoft Windows SMB Vulnerabilities Remote Code Execution (958687) (uncredentialed check)</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>It is possible to crash the remote host due to a flaw in SMB.<br><br><b>Description:</b><br>The remote host is affected by a memory corruption vulnerability in
SMB that may allow an attacker to execute arbitrary code or perform a
denial of service against the remote host.<br><br><b>Risk factor:</b><br>Critical<br><br><b>CVSS Base Score:</b>10.0<br>CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C<br><br><b>Solution:</b><br>Microsoft has released a set of patches for Windows 2000, XP, 2003,
Vista and 2008 :

http://www.microsoft.com/technet/security/bulletin/ms09-001.mspx<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=35362">35362</a><br><br><b>CVE: </b><br>CVE-2008-4834, CVE-2008-4835, CVE-2008-4114<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/31179">31179</a>, <a href="http://www.securityfocus.com/bid/33121">33121</a>, <a href="http://www.securityfocus.com/bid/33122">33122</a><br><br><b>Other references: </b><br>OSVDB:48153, OSVDB:52691, OSVDB:52692, MSFT:MS09-001</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_high"><td class="plugin_label" align="left">MS06-040: Vulnerability in Server Service Could Allow Remote Code Execution (921883) (uncredentialed check)</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>Arbitrary code can be executed on the remote host due to a flaw in the
'Server' service.<br><br><b>Description:</b><br>The remote host is vulnerable to a buffer overrun in the 'Server'
service that may allow an attacker to execute arbitrary code on the
remote host with 'SYSTEM' privileges.<br><br><b>Risk factor:</b><br>Critical<br><br><b>CVSS Base Score:</b>10.0<br>CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C<br><br><b>Solution:</b><br>Microsoft has released a set of patches for Windows 2000, XP and
2003 :

http://www.microsoft.com/technet/security/bulletin/ms06-040.mspx<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=22194">22194</a><br><br><b>CVE: </b><br>CVE-2006-3439<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/19409">19409</a><br><br><b>Other references: </b><br>OSVDB:27845, MSFT:MS06-040</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">SMB Registry : Nessus Cannot Access the Windows Registry</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>Nessus is not able to access the remote Windows Registry.<br><br><b>Description:</b><br>It was not possible to connect to PIPE\winreg on the remote host.

If you intend to use Nessus to perform registry-based checks, the
registry checks will not work because the 'Remote Registry Access'
service (winreg) has been disabled on the remote host or cannot be
connected to with the supplied credentials.<br><br><b>Risk factor:</b><br>None<br><br><b>Solution:</b><br>n/a<br><br><b>Plugin output:</b><br>Could not connect to the registry because:
Could not connect to \winreg<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=26917">26917</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">SMB LanMan Pipe Server Listing Disclosure</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>It is possible to obtain network information.<br><br><b>Description:</b><br>It was possible to obtain the browse list of the remote Windows system
by sending a request to the LANMAN pipe.  The browse list is the list of
the nearest Windows systems of the remote host.<br><br><b>Risk factor:</b><br>None<br><br><b>Solution:</b><br>n/a<br><br><b>Plugin output:</b><br>
Here is the browse list of the remote host : 

IT-NWIB91G1ZGH8 ( os : 5.2 )
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=10397">10397</a><br><br><b>Other references: </b><br>OSVDB:300</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">Windows SMB NULL Session Authentication</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>It is possible to log into the remote Windows host with a NULL
session.<br><br><b>Description:</b><br>The remote host is running Microsoft Windows, and it was possible to
log into it using a NULL session (i.e., with no login or password).  An
unauthenticated remote attacker can leverage this issue to get
information about the remote host.<br><br><b>Risk factor:</b><br>None<br><br><b>See also:</b><br>http://support.microsoft.com/kb/q143474/<br><br><b>See also:</b><br>http://support.microsoft.com/kb/q246261/<br><br><b>Solution:</b><br>n/a<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=26920">26920</a><br><br><b>CVE: </b><br>CVE-1999-0519, CVE-1999-0520, CVE-2002-1117<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/494">494</a><br><br><b>Other references: </b><br>OSVDB:299</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">SMB Log In Possible</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>It is possible to log into the remote host.<br><br><b>Description:</b><br>The remote host is running Microsoft Windows operating
system or Samba, a CIFS/SMB server for Unix.  It was 
possible to log into it using one of the following 
accounts :

- NULL session
- Guest account
- Given Credentials<br><br><b>Risk factor:</b><br>None<br><br><b>See also:</b><br>http://support.microsoft.com/support/kb/articles/Q143/4/74.ASP<br><br><b>See also:</b><br>http://support.microsoft.com/support/kb/articles/Q246/2/61.ASP<br><br><b>Solution:</b><br>n/a<br><br><b>Plugin output:</b><br>- NULL sessions are enabled on the remote host
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=10394">10394</a><br><br><b>CVE: </b><br>CVE-1999-0504, CVE-1999-0505, CVE-1999-0506, CVE-2000-0222, CVE-2002-1117, CVE-2005-3595<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/494">494</a>, <a href="http://www.securityfocus.com/bid/990">990</a>, <a href="http://www.securityfocus.com/bid/11199">11199</a><br><br><b>Other references: </b><br>OSVDB:297, OSVDB:3106, OSVDB:8230, OSVDB:10050</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">SMB NativeLanManager Remote System Information Disclosure</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>It is possible to obtain information about the remote operating
system.<br><br><b>Description:</b><br>It is possible to get the remote operating system name and
version (Windows and/or Samba) by sending an authentication
request to port 139 or 445.<br><br><b>Risk factor:</b><br>None<br><br><b>Solution:</b><br>n/a<br><br><b>Plugin output:</b><br>The remote Operating System is : Windows Server 2003 3790 Service Pack 1
The remote native lan manager is : Windows Server 2003 5.2
The remote SMB Domain Name is : IT-NWIB91G1ZGH8
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=10785">10785</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">DCE Services Enumeration</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>A DCE/RPC service is running on the remote host.<br><br><b>Description:</b><br>By sending a Lookup request to the portmapper (TCP 135 or epmapper
PIPE) it was possible to enumerate the Distributed Computing Environment
(DCE) services running on the remote port.
Using this information it is possible to connect and bind to
each service by sending an RPC request to the remote port/pipe.<br><br><b>Risk factor:</b><br>None<br><br><b>Solution:</b><br>N/A<br><br><b>Plugin output:</b><br>
The following DCERPC services are available remotely :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\IT-NWIB91G1ZGH8

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\IT-NWIB91G1ZGH8

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\IT-NWIB91G1ZGH8

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0
Description : IPsec Services (Windows XP &amp; 2003)
Windows process : lsass.exe
Annotation : IPSec Policy agent endpoint
Type : Remote RPC service
Named pipe : \PIPE\lsass
Netbios name : \\IT-NWIB91G1ZGH8

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0
Description : IPsec Services (Windows XP &amp; 2003)
Windows process : lsass.exe
Annotation : IPSec Policy agent endpoint
Type : Remote RPC service
Named pipe : \PIPE\protected_storage
Netbios name : \\IT-NWIB91G1ZGH8

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
Named pipe : \PIPE\lsass
Netbios name : \\IT-NWIB91G1ZGH8

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
Named pipe : \PIPE\protected_storage
Netbios name : \\IT-NWIB91G1ZGH8

<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=10736">10736</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">SMB Service Detection</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>A file / print sharing service is listening on the remote host.<br><br><b>Description:</b><br>The remote service understands the CIFS (Common Internet File System)
or Server Message Block (SMB) protocol, used to provide shared access
to files, printers, etc between nodes on a network.<br><br><b>Risk factor:</b><br>None<br><br><b>Solution:</b><br>n/a<br><br><b>Plugin output:</b><br>
A CIFS server is running on this port.
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=11011">11011</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
</div>
			<br><a name="172.16.10.5_www(80/www)"></a><table width="70%" align="center" border="0" cellpadding="2" cellspacing="0"><tbody><tr class="port_header" onclick='toggle("172.16.10.5_www_80")' onmouseover="this.style.cursor='pointer'" title="Collapse/Expand">
<td class="port_header_label" align="left">Port www (80/tcp)</td>
<td class="toggle" align="right">[-/+]</td>
</tr></tbody></table>
<div id="172.16.10.5_www_80" class="divider">
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_high"><td class="plugin_label" align="left">XAMPP Example Pages Detection</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote web server allows access to its example pages.<br><br><b>Description:</b><br>The remote web server makes available example scripts from XAMPP, an
easy-to-install Apache distribution containing MySQL, PHP, and Perl. 
Allowing access to these examples is not recommended since some are
known to disclose sensitive information about the remote host and
others may be affected by vulnerabilities such as cross-site scripting
issues.  Additionally, some pages have known cross-site scripting,
SQL injection, and local file inclusion vulnerabilities.<br><br><b>Risk factor:</b><br>High<br><br><b>CVSS Base Score:</b>7.5<br>CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P<br><br><b>Solution:</b><br>Consult XAMPP's documentation for information about securing the
example pages as well as other applications if necessary.<br><br><b>Plugin output:</b><br>
Nessus was able to access XAMPP's examples using the following URL :

  http://172.16.10.5/xampp/index.php
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=33822">33822</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_high"><td class="plugin_label" align="left">Apache 2.2 &lt; 2.2.14 Multiple Vulnerabilities</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote web server is affected by multiple vulnerabilities<br><br><b>Description:</b><br>According to its banner, the version of Apache 2.2 installed on the 
remote host is older than 2.2.14.  Such versions are potentially
affected by multiple vulnerabilities :

  - Faulty error handling in the Solaris pollset support 
    could lead to a denial of service. (CVE-2009-2699)

  - The 'mod_proxy_ftp' module allows remote attackers to 
    bypass intended access restrictions. (CVE-2009-3095)

  - The 'ap_proxy_ftp_handler' function in 
    'modules/proxy/proxy_ftp.c' in the 'mod_proxy_ftp' 
    module allows remote FTP servers to cause a 
    denial-of-service. (CVE-2009-3094)

Note that the remote web server may not actually be affected by these
vulnerabilities as Nessus did not try to determine whether the affected
modules are in use or check for the issues themselves.<br><br><b>Risk factor:</b><br>High<br><br><b>CVSS Base Score:</b>7.5<br>CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P<br><br><b>See also:</b><br>http://www.securityfocus.com/advisories/17947<br><br><b>See also:</b><br>http://www.securityfocus.com/advisories/17959<br><br><b>See also:</b><br>http://www.intevydis.com/blog/?p=59<br><br><b>See also:</b><br>https://issues.apache.org/bugzilla/show_bug.cgi?id=47645<br><br><b>See also:</b><br>http://www.apache.org/dist/httpd/CHANGES_2.2.14<br><br><b>Solution:</b><br>Either ensure the affected modules are not in use or upgrade to Apache
version 2.2.14 or later.<br><br><b>Plugin output:</b><br>
  Installed Version : 2.2.9
  Version Source    : Server: Apache/2.2.9
  Fixed Version     : 2.2.14
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=42052">42052</a><br><br><b>CVE: </b><br>CVE-2009-2699, CVE-2009-3094, CVE-2009-3095<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/36254">36254</a>, <a href="http://www.securityfocus.com/bid/36260">36260</a>, <a href="http://www.securityfocus.com/bid/36596">36596</a><br><br><b>Other references: </b><br>OSVDB:57851, OSVDB:57882, OSVDB:58879, Secunia:36549, CWE:264</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_high"><td class="plugin_label" align="left">Apache 2.2 &lt; 2.2.15 Multiple Vulnerabilities</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote web server is affected by multiple vulnerabilities<br><br><b>Description:</b><br>According to its banner, the version of Apache 2.2 installed on the
remote host is older than 2.2.15.  Such versions are potentially
affected by multiple vulnerabilities :

  - A TLS renegotiation prefix injection attack is possible. 
    (CVE-2009-3555)

  - The 'mod_proxy_ajp' module returns the wrong status code
    if it encounters an error which causes the back-end 
    server to be put into an error state. (CVE-2010-0408)

  - The 'mod_isapi' attempts to unload the 'ISAPI.dll' when
    it encounters various error states which could leave
    call-backs in an undefined state. (CVE-2010-0425)

  - A flaw in the core sub-request process code can lead to
    sensitive information from a request being handled by 
    the wrong thread if a multi-threaded environment is
    used. (CVE-2010-0434)<br><br><b>Risk factor:</b><br>Critical<br><br><b>CVSS Base Score:</b>10.0<br>CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C<br><br><b>See also:</b><br>http://httpd.apache.org/security/vulnerabilities_22.html<br><br><b>See also:</b><br>https://issues.apache.org/bugzilla/show_bug.cgi?id=48359<br><br><b>See also:</b><br>http://www.apache.org/dist/httpd/CHANGES_2.2.15<br><br><b>Solution:</b><br>Upgrade to Apache version 2.2.15 or later.<br><br><b>Plugin output:</b><br>
  Installed Version : 2.2.9
  Version Source    : Server: Apache/2.2.9
  Fixed Version     : 2.2.15
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=45004">45004</a><br><br><b>CVE: </b><br>CVE-2009-3555, CVE-2010-0408, CVE-2010-0425, CVE-2010-0434<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/36935">36935</a>, <a href="http://www.securityfocus.com/bid/38491">38491</a>, <a href="http://www.securityfocus.com/bid/38494">38494</a>, <a href="http://www.securityfocus.com/bid/38580">38580</a><br><br><b>Other references: </b><br>OSVDB:59969, OSVDB:62674, OSVDB:62675, OSVDB:62676, Secunia:38776, CWE:200</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_high"><td class="plugin_label" align="left">PHP 5.2 &lt; 5.2.14 Multiple Vulnerabilities</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote web server uses a version of PHP that is affected by
multiple flaws.<br><br><b>Description:</b><br>According to its banner, the version of PHP 5.2 installed on the
remote host is older than 5.2.14.  Such versions may be affected by
several security issues :

  - An error exists when processing invalid XML-RPC 
    requests that can lead to a NULL pointer
    dereference. (bug #51288) (CVE-2010-0397)

  - An error exists in the function 'fnmatch' that can lead
    to stack exhaustion.

  - An error exists in the sqlite extension that could 
    allow arbitrary memory access.

  - A memory corruption error exists in the function
    'substr_replace'.

  - The following functions are not properly protected
    against function interruptions :

    addcslashes, chunk_split, html_entity_decode, 
    iconv_mime_decode, iconv_substr, iconv_mime_encode,
    htmlentities, htmlspecialchars, str_getcsv,
    http_build_query, strpbrk, strstr, str_pad,
    str_word_count, wordwrap, strtok, setcookie, 
    strip_tags, trim, ltrim, rtrim, parse_str, pack, unpack, 
    uasort, preg_match, strrchr, strchr, substr, str_repeat
    (CVE-2010-1860, CVE-2010-1862, CVE-2010-1864,
    CVE-2010-2097, CVE-2010-2100, CVE-2010-2101,
    CVE-2010-2190, CVE-2010-2191, CVE-2010-2484)

  - The following opcodes are not properly protected 
    against function interruptions :

    ZEND_CONCAT, ZEND_ASSIGN_CONCAT, ZEND_FETCH_RW
    (CVE-2010-2191)

  - The default session serializer contains an error
    that can be exploited when assigning session
    variables having user defined names. Arbitrary
    serialized values can be injected into sessions by
    including the PS_UNDEF_MARKER, '!', character in
    variable names.

  - A use-after-free error exists in the function
    'spl_object_storage_attach'. (CVE-2010-2225)

  - An information disclosure vulnerability exists in the
    function 'var_export' when handling certain error 
    conditions. (CVE-2010-2531)<br><br><b>Risk factor:</b><br>High<br><br><b>CVSS Base Score:</b>7.5<br>CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P<br><br><b>See also:</b><br>http://www.php.net/releases/5_2_14.php<br><br><b>See also:</b><br>http://www.php.net/ChangeLog-5.php#5.2.14<br><br><b>Solution:</b><br>Upgrade to PHP version 5.2.14 or later.<br><br><b>Plugin output:</b><br>
  Version source     : Server: Apache/2.2.9 (Win32) DAV/2 mod_ssl/2.2.9 OpenSSL/0.9.8h mod_autoindex_color PHP/5.2.6
  Installed version  : 5.2.6
  Fixed version      : 5.2.14
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=48244">48244</a><br><br><b>CVE: </b><br>CVE-2010-0397,
 CVE-2010-1860, CVE-2010-1862, CVE-2010-1864, CVE-2010-2097, 
CVE-2010-2100, CVE-2010-2101, CVE-2010-2190, CVE-2010-2191, 
CVE-2010-2225, CVE-2010-2484, CVE-2010-2531, CVE-2010-3065<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/38708">38708</a>, <a href="http://www.securityfocus.com/bid/40948">40948</a>, <a href="http://www.securityfocus.com/bid/41991">41991</a><br><br><b>Other references: </b><br>OSVDB:63078,
 OSVDB:64322, OSVDB:64544, OSVDB:64546, OSVDB:65755, OSVDB:66087, 
OSVDB:66093, OSVDB:66094, OSVDB:66095, OSVDB:66096, OSVDB:66097, 
OSVDB:66098, OSVDB:66099, OSVDB:66100, OSVDB:66101, OSVDB:66102, 
OSVDB:66103, OSVDB:66104, OSVDB:66105, OSVDB:66106, OSVDB:66798, 
OSVDB:66804, OSVDB:66805, Secunia:39675, Secunia:40268</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_high"><td class="plugin_label" align="left">PHP 5.2 &lt; 5.2.15 Multiple Vulnerabilities</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote web server uses a version of PHP that is affected by
multiple flaws.<br><br><b>Description:</b><br>According to its banner, the version of PHP 5.2 installed on the
remote host is older than 5.2.15.  Such versions may be affected by
several security issues :
  
  - A crash in the zip extract method.

  - A possible double free exists in the imap extension.
    (CVE-2010-4150)

  - An unspecified flaw exists in 'open_basedir'. 
    (CVE-2010-3436)

  - A possible crash could occur in 'mssql_fetch_batch()'.
  
  - A NULL pointer dereference exists in 
    'ZipArchive::getArchiveComment'. (CVE-2010-3709)

  - A crash exists if anti-aliasing steps are invalid.
    (Bug #53492)

  - A crash exists in pdo_firebird getAttribute(). (Bug 
    #53323)

  - A use-after-free vulnerability in the Zend engine when
    a '__set()', '__get()', '__isset()' or '__unset()' 
    method is called can allow for a denial of service 
    attack. (Bug #52879 / CVE-2010-4697)

  - A stack-based buffer overflow exists in the 
    'imagepstext()' function in the GD extension. (Bug 
    #53492 / CVE-2010-4698)
    
  - The extract function does not prevent use of the
    EXTR_OVERWRITE parameter to overwrite the GLOBALS
    superglobal array and the 'this' variable, which
    allows attackers to bypass intended access restrictions.
    (CVE-2011-0752)<br><br><b>Risk factor:</b><br>High<br><br><b>CVSS Base Score:</b>7.5<br>CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P<br><br><b>See also:</b><br>http://www.php.net/releases/5_2_15.php<br><br><b>See also:</b><br>http://www.php.net/ChangeLog-5.php#5.2.15<br><br><b>Solution:</b><br>Upgrade to PHP version 5.2.15 or later.<br><br><b>Plugin output:</b><br>
  Version source     : Server: Apache/2.2.9 (Win32) DAV/2 mod_ssl/2.2.9 OpenSSL/0.9.8h mod_autoindex_color PHP/5.2.6
  Installed version  : 5.2.6
  Fixed version      : 5.2.15
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=51139">51139</a><br><br><b>CVE: </b><br>CVE-2010-3436, CVE-2010-3709, CVE-2010-4150, CVE-2010-4697, CVE-2010-4698, CVE-2011-0752<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/44718">44718</a>, <a href="http://www.securityfocus.com/bid/44723">44723</a>, <a href="http://www.securityfocus.com/bid/45335">45335</a>, <a href="http://www.securityfocus.com/bid/45952">45952</a>, <a href="http://www.securityfocus.com/bid/46448">46448</a><br><br><b>Other references: </b><br>OSVDB:68597, OSVDB:69109, OSVDB:69110, OSVDB:69660, OSVDB:70607, OSVDB:70608</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_high"><td class="plugin_label" align="left">PHP 5 &lt; 5.2.7 Multiple Vulnerabilities</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote web server uses a version of PHP that is affected by
multiple flaws.<br><br><b>Description:</b><br>According to its banner, the version of PHP installed on the remote
host is older than 5.2.7.  Such versions may be affected by several
security issues :

  - File truncation can occur when calling 'dba_replace()'
    with an invalid argument.

  - There is a buffer overflow in the bundled PCRE library
    fixed by 7.8. (CVE-2008-2371)

  - A buffer overflow in the 'imageloadfont()' function in
    'ext/gd/gd.c' can be triggered when a specially crafted
    font is given. (CVE-2008-3658)

  - There is a buffer overflow in PHP's internal function
    'memnstr()', which is exposed to userspace as 
    'explode()'. (CVE-2008-3659)

  - When used as a FastCGI module, PHP segfaults when 
    opening a file whose name contains two dots (e.g., 
    'file..php'). (CVE-2008-3660)

  - Multiple directory traversal vulnerabilities in 
    functions such as 'posix_access()', 'chdir()', 'ftok()'
    may allow a remote attacker to bypass 'safe_mode' 
    restrictions. (CVE-2008-2665 and CVE-2008-2666).

  - A buffer overflow may be triggered when processing long
    message headers in 'php_imap.c' due to use of an 
    obsolete API call. (CVE-2008-2829)

  - A heap-based buffer overflow may be triggered via
    a call to 'mb_check_encoding()', part of the 'mbstring'
    extension. (CVE-2008-5557)

  - Missing initialization of 'BG(page_uid)' and 
    'BG(page_gid)' when PHP is used as an Apache module 
    may allow for bypassing security restriction due to
    SAPI 'php_getuid()' overloading. (CVE-2008-5624)

  - Incorrect 'php_value' order for Apache configuration
    may allow bypassing PHP's 'safe_mode' setting.
    (CVE-2008-5625)

  - The ZipArchive::extractTo() method in the ZipArchive
    extension fails to filter directory traversal 
    sequences from file names. (CVE-2008-5658)<br><br><b>Risk factor:</b><br>High<br><br><b>CVSS Base Score:</b>7.5<br>CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P<br><br><b>See also:</b><br>http://securityreason.com/achievement_securityalert/57<br><br><b>See also:</b><br>http://securityreason.com/achievement_securityalert/58<br><br><b>See also:</b><br>http://securityreason.com/achievement_securityalert/59<br><br><b>See also:</b><br>http://www.sektioneins.de/advisories/SE-2008-06.txt<br><br><b>See also:</b><br>http://archives.neohapsis.com/archives/fulldisclosure/2008-06/0238.html<br><br><b>See also:</b><br>http://archives.neohapsis.com/archives/fulldisclosure/2008-06/0239.html<br><br><b>See also:</b><br>http://www.openwall.com/lists/oss-security/2008/08/08/2<br><br><b>See also:</b><br>http://www.openwall.com/lists/oss-security/2008/08/13/8<br><br><b>See also:</b><br>http://archives.neohapsis.com/archives/fulldisclosure/2008-11/0433.html<br><br><b>See also:</b><br>http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0089.html<br><br><b>See also:</b><br>http://bugs.php.net/bug.php?id=42862<br><br><b>See also:</b><br>http://bugs.php.net/bug.php?id=45151<br><br><b>See also:</b><br>http://bugs.php.net/bug.php?id=45722<br><br><b>See also:</b><br>http://www.php.net/releases/5_2_7.php<br><br><b>See also:</b><br>http://www.php.net/ChangeLog-5.php#5.2.7<br><br><b>Solution:</b><br>Upgrade to PHP version 5.2.8 or later.

Note that 5.2.7 has been removed from distribution because of a
regression in that version that results in the 'magic_quotes_gpc'
setting remaining off even if it was set to on.<br><br><b>Plugin output:</b><br>
  Version source     : Server: Apache/2.2.9 (Win32) DAV/2 mod_ssl/2.2.9 OpenSSL/0.9.8h mod_autoindex_color PHP/5.2.6
  Installed version  : 5.2.6
  Fixed version      : 5.2.7
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=35043">35043</a><br><br><b>CVE: </b><br>CVE-2008-2371,
 CVE-2008-2665, CVE-2008-2666, CVE-2008-2829, CVE-2008-3658, 
CVE-2008-3659, CVE-2008-3660, CVE-2008-5557, CVE-2008-5624, 
CVE-2008-5625, CVE-2008-5658<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/29796">29796</a>, <a href="http://www.securityfocus.com/bid/29797">29797</a>, <a href="http://www.securityfocus.com/bid/29829">29829</a>, <a href="http://www.securityfocus.com/bid/30087">30087</a>, <a href="http://www.securityfocus.com/bid/30649">30649</a>, <a href="http://www.securityfocus.com/bid/31612">31612</a>, <a href="http://www.securityfocus.com/bid/32383">32383</a>, <a href="http://www.securityfocus.com/bid/32625">32625</a>, <a href="http://www.securityfocus.com/bid/32688">32688</a>, <a href="http://www.securityfocus.com/bid/32948">32948</a><br><br><b>Other references: </b><br>OSVDB:46584,
 OSVDB:46638, OSVDB:46639, OSVDB:46641, OSVDB:46690, OSVDB:47796, 
OSVDB:47797, OSVDB:47798, OSVDB:50480, OSVDB:51477, OSVDB:52205, 
OSVDB:52206, OSVDB:52207, CWE:119</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_med"><td class="plugin_label" align="left">HTTP TRACE / TRACK Methods Allowed</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>Debugging functions are enabled on the remote web server.<br><br><b>Description:</b><br>The remote webserver supports the TRACE and/or TRACK methods.  TRACE
and TRACK are HTTP methods that are used to debug web server
connections.<br><br><b>Risk factor:</b><br>Medium<br><br><b>CVSS Base Score:</b>4.3<br>CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N<br><br><b>See also:</b><br>http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf<br><br><b>See also:</b><br>http://www.apacheweek.com/issues/03-01-24<br><br><b>See also:</b><br>http://www.kb.cert.org/vuls/id/288308<br><br><b>See also:</b><br>http://www.kb.cert.org/vuls/id/867593<br><br><b>See also:</b><br>http://sunsolve.sun.com/search/document.do?assetkey=1-66-200942-1<br><br><b>Solution:</b><br>Disable these methods.  Refer to the plugin output for more information.<br><br><b>Plugin output:</b><br>
To disable these methods, add the following lines for each virtual
host in your configuration file :

    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]

Alternatively, note that Apache versions 1.3.34, 2.0.55, and 2.2
support disabling the TRACE method natively via the 'TraceEnable'
directive.

Nessus sent the following TRACE request : 

------------------------------ snip ------------------------------
TRACE /Nessus129796311.html HTTP/1.1
Connection: Close
Host: 172.16.10.5
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8

------------------------------ snip ------------------------------

and received the following response from the remote server :

------------------------------ snip ------------------------------
HTTP/1.1 200 OK
Date: Sat, 26 Feb 2011 13:42:57 GMT
Server: Apache/2.2.9 (Win32) DAV/2 mod_ssl/2.2.9 OpenSSL/0.9.8h mod_autoindex_color PHP/5.2.6
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: message/http


TRACE /Nessus129796311.html HTTP/1.1
Connection: Keep-Alive
Host: 172.16.10.5
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8

------------------------------ snip ------------------------------
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=11213">11213</a><br><br><b>CVE: </b><br>CVE-2003-1567, CVE-2004-2320, CVE-2010-0386<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/9506">9506</a>, <a href="http://www.securityfocus.com/bid/9561">9561</a>, <a href="http://www.securityfocus.com/bid/11604">11604</a>, <a href="http://www.securityfocus.com/bid/33374">33374</a>, <a href="http://www.securityfocus.com/bid/37995">37995</a><br><br><b>Other references: </b><br>OSVDB:877, OSVDB:3726, OSVDB:5648, OSVDB:50485, CWE:16</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_med"><td class="plugin_label" align="left">Apache 2.x &lt; 2.2.12 Multiple Vulnerabilities</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote web server may be affected by several issues.<br><br><b>Description:</b><br>According to its banner, the version of Apache 2.2 installed on the
remote host is older than 2.2.12.  Such versions may be affected by
several issues, including :

  - A heap buffer underwrite flaw exists in the function
    'apr_strmatch_precompile()' in the bundled copy of the
    APR-util library, which could be triggered when parsing
    configuration data to crash the daemon. (CVE-2009-0023)

  - A flaw in the mod_proxy_ajp module in version 2.2.11
    only may allow a remote attacker to obtain sensitive
    response data intended for a client that sent an
    earlier POST request with no request body. 
    (CVE-2009-1191)

  - The server does not limit the use of directives in a
    .htaccess file as expected based on directives such
    as 'AllowOverride' and 'Options' in the configuration
    file, which could enable a local user to bypass
    security restrictions. (CVE-2009-1195)

  - Failure to properly handle an amount of streamed data
    that exceeds the Content-Length value allows a remote
    attacker to force a proxy process to consume CPU time
    indefinitely when mod_proxy is used in a reverse proxy
    configuration. (CVE-2009-1890)

  - Failure of mod_deflate to stop compressing a file when
    the associated network connection is closed may allow a
    remote attacker to consume large amounts of CPU if
    there is a large (&gt;10 MB) file available that has
    mod_deflate enabled. (CVE-2009-1891)

  - Using a specially crafted XML document with a large
    number of nested entities, a remote attacker may be
    able to consume an excessive amount of memory due to
    a flaw in the bundled expat XML parser used by the
    mod_dav and mod_dav_svn modules. (CVE-2009-1955)

  - There is an off-by-one overflow in the function
    'apr_brigade_vprintf()' in the bundled copy of the
    APR-util library in the way it handles a variable list
    of arguments, which could be leveraged on big-endian 
    platforms to perform information disclosure or denial 
    of service attacks. (CVE-2009-1956)

Note that Nessus has relied solely on the version in the Server
response header and did not try to check for the issues themselves or
even whether the affected modules are in use.<br><br><b>Risk factor:</b><br>Medium<br><br><b>CVSS Base Score:</b>6.4<br>CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P<br><br><b>See also:</b><br>http://www.apache.org/dist/httpd/CHANGES_2.2.12<br><br><b>See also:</b><br>http://httpd.apache.org/security/vulnerabilities_22.html<br><br><b>Solution:</b><br>Either ensure that the affected modules / directives are not in use or
upgrade to Apache version 2.2.12 or later.<br><br><b>Plugin output:</b><br>
  Installed Version : 2.2.9
  Version Source    : Server: Apache/2.2.9
  Fixed Version     : 2.2.12
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=40467">40467</a><br><br><b>CVE: </b><br>CVE-2009-0023, CVE-2009-1191, CVE-2009-1195, CVE-2009-1890, CVE-2009-1891, CVE-2009-1955, CVE-2009-1956<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/34663">34663</a>, <a href="http://www.securityfocus.com/bid/35115">35115</a>, <a href="http://www.securityfocus.com/bid/35221">35221</a>, <a href="http://www.securityfocus.com/bid/35251">35251</a>, <a href="http://www.securityfocus.com/bid/35253">35253</a>, <a href="http://www.securityfocus.com/bid/35565">35565</a>, <a href="http://www.securityfocus.com/bid/35623">35623</a><br><br><b>Other references: </b><br>OSVDB:53921, OSVDB:54733, OSVDB:55057, OSVDB:55058, OSVDB:55059, OSVDB:55553, OSVDB:55782, CWE:119</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_med"><td class="plugin_label" align="left">Apache 2.2 &lt; 2.2.16 Multiple Vulnerabilities</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote web server is affected by multiple vulnerabilities.<br><br><b>Description:</b><br>According to its banner, the version of Apache 2.2 installed on the
remote host is older than 2.2.16.  Such versions are potentially
affected by multiple vulnerabilities :

  - A denial-of-service vulnerability in mod_cache and 
    mod_dav. (CVE-2010-1452)
  
  - An information disclosure vulnerability in mod_proxy_ajp,
    mod_reqtimeout, and mod_proxy_http relating to timeout 
    conditions. Note that this issue only affects Apache on 
    Windows, Netware, and OS/2. (CVE-2010-2068)

Note that the remote web server may not actually be affected by these
vulnerabilities.  Nessus did not try to determine whether the affected
modules are in use or to check for the issues themselves.<br><br><b>Risk factor:</b><br>Medium<br><br><b>CVSS Base Score:</b>4.3<br>CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N<br><br><b>See also:</b><br>http://httpd.apache.org/security/vulnerabilities_22.html<br><br><b>See also:</b><br>https://issues.apache.org/bugzilla/show_bug.cgi?id=49246<br><br><b>See also:</b><br>https://issues.apache.org/bugzilla/show_bug.cgi?id=49417<br><br><b>See also:</b><br>http://www.apache.org/dist/httpd/CHANGES_2.2.16<br><br><b>Solution:</b><br>Upgrade to Apache version 2.2.16 or later.<br><br><b>Plugin output:</b><br>
  Installed Version : 2.2.9
  Version Source    : Server: Apache/2.2.9
  Fixed Version     : 2.2.16
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=48205">48205</a><br><br><b>CVE: </b><br>CVE-2010-1452, CVE-2010-2068<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/40827">40827</a>, <a href="http://www.securityfocus.com/bid/41963">41963</a><br><br><b>Other references: </b><br>OSVDB:65654, OSVDB:66745, Secunia:40206</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_med"><td class="plugin_label" align="left">Apache 2.2 &lt; 2.2.17 Multiple Vulnerabilities</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote web server may be affected by several issues.<br><br><b>Description:</b><br>According to its banner, the version of Apache 2.2 installed on the
remote host is older than 2.2.17.  Such versions may be affected by
several issues, including :

  - Errors exist in the bundled expat library that may allow
    an attacker to crash the server when a buffer is over-
    read when parsing an XML document. (CVE-2009-3720 and
    CVE-2009-3560)

  - An error exists in the 'apr_brigade_split_line' 
    function in the bundled APR-util library. Carefully
    timed bytes in requests result in gradual memory
    increases leading to a denial of service. 
    (CVE-2010-1623)
 
Note that the remote web server may not actually be affected by these
vulnerabilities.  Nessus did not try to determine whether the affected
modules are in use or to check for the issues themselves.<br><br><b>Risk factor:</b><br>Medium<br><br><b>CVSS Base Score:</b>5.0<br>CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P<br><br><b>See also:</b><br>http://www.apache.org/dist/httpd/CHANGES_2.2.17<br><br><b>See also:</b><br>http://httpd.apache.org/security/vulnerabilities_22.html<br><br><b>Solution:</b><br>Either ensure that the affected modules are not in use or upgrade to
Apache version 2.2.17 or later.<br><br><b>Plugin output:</b><br>
  Version source    : Server: Apache/2.2.9
  Installed version : 2.2.9
  Fixed version     : 2.2.17
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=50070">50070</a><br><br><b>CVE: </b><br>CVE-2009-3560, CVE-2009-3720, CVE-2010-1623<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/37203">37203</a>, <a href="http://www.securityfocus.com/bid/36097">36097</a>, <a href="http://www.securityfocus.com/bid/43673">43673</a><br><br><b>Other references: </b><br>OSVDB:59737, OSVDB:60797, OSVDB:68327, Secunia:41701, CWE:119</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_med"><td class="plugin_label" align="left">PHP &lt; 5.2.9 Multiple Vulnerabilities</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote web server uses a version of PHP that is affected by
multiple flaws.<br><br><b>Description:</b><br>According to its banner, the version of PHP installed on the remote
host is older than 5.2.9.  Such versions may be affected by several
security issues :

  - Background color is not correctly validated with a non true
    color image in function 'imagerotate()'. (CVE-2008-5498)

  - A denial of service condition can be triggered by trying to 
    extract zip files that contain files with relative paths 
    in file or directory names.

  - Function 'explode()' is affected by an unspecified 
    vulnerability.

  - It may be possible to trigger a segfault by passing a 
    specially crafted string to function 'json_decode()'.

  - Function 'xml_error_string()' is affected by a flaw
    which results in messages being off by one.<br><br><b>Risk factor:</b><br>Medium<br><br><b>CVSS Base Score:</b>5.0<br>CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P<br><br><b>See also:</b><br>http://news.php.net/php.internals/42762<br><br><b>See also:</b><br>http://www.php.net/releases/5_2_9.php<br><br><b>See also:</b><br>http://www.php.net/ChangeLog-5.php#5.2.9<br><br><b>Solution:</b><br>Upgrade to PHP version 5.2.9 or later.<br><br><b>Plugin output:</b><br>
  Version source     : Server: Apache/2.2.9 (Win32) DAV/2 mod_ssl/2.2.9 OpenSSL/0.9.8h mod_autoindex_color PHP/5.2.6
  Installed version  : 5.2.6
  Fixed version      : 5.2.9
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=35750">35750</a><br><br><b>CVE: </b><br>CVE-2008-5498<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/33002">33002</a>, <a href="http://www.securityfocus.com/bid/33927">33927</a><br><br><b>Other references: </b><br>OSVDB:51031, Secunia:34081, CWE:200</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_med"><td class="plugin_label" align="left">PHP &lt; 5.3.2 / 5.2.13 Multiple Vulnerabilities</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote web server uses a version of PHP that is affected by
multiple flaws.<br><br><b>Description:</b><br>According to its banner, the version of PHP installed on the remote
host is older than 5.3.2 / 5.2.13.  Such versions may be affected by
several security issues :

  - Directory paths not ending with '/' may not be
    correctly validated inside 'tempnam()' in 
    'safe_mode' configuration.

  - It may be possible to bypass the 'open_basedir'/ 
    'safe_mode' configuration restrictions due to an
    error in session extensions.

  - An unspecified vulnerability affects the LCG entropy.<br><br><b>Risk factor:</b><br>Medium<br><br><b>CVSS Base Score:</b>6.4<br>CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N<br><br><b>See also:</b><br>http://securityreason.com/achievement_securityalert/82<br><br><b>See also:</b><br>http://securityreason.com/securityalert/7008<br><br><b>See also:</b><br>http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0209.html<br><br><b>See also:</b><br>http://www.php.net/releases/5_3_2.php<br><br><b>See also:</b><br>http://www.php.net/ChangeLog-5.php#5.3.2<br><br><b>See also:</b><br>http://www.php.net/releases/5_2_13.php<br><br><b>See also:</b><br>http://www.php.net/ChangeLog-5.php#5.2.13<br><br><b>Solution:</b><br>Upgrade to PHP version 5.3.2 / 5.2.13 or later.<br><br><b>Plugin output:</b><br>
  Version source     : Server: Apache/2.2.9 (Win32) DAV/2 mod_ssl/2.2.9 OpenSSL/0.9.8h mod_autoindex_color PHP/5.2.6
  Installed version  : 5.2.6
  Fixed version      : 5.3.2 / 5.2.13
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=44921">44921</a><br><br><b>CVE: </b><br>CVE-2010-1128, CVE-2010-1129, CVE-2010-1130<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/38182">38182</a>, <a href="http://www.securityfocus.com/bid/38430">38430</a>, <a href="http://www.securityfocus.com/bid/38431">38431</a><br><br><b>Other references: </b><br>OSVDB:62582, OSVDB:62583, OSVDB:63323, Secunia:38708</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_med"><td class="plugin_label" align="left">PHP &lt; 5.2.12 Multiple Vulnerabilities</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote web server uses a version of PHP that is affected by
multiple flaws.<br><br><b>Description:</b><br>According to its banner, the version of PHP installed on the remote
host is older than 5.2.12.  Such versions may be affected by several
security issues :

  - It is possible to bypass the 'safe_mode' configuration
    setting using 'tempnam()'. (CVE-2009-3557)

  - It is possible to bypass the 'open_basedir' 
    configuration setting using 'posix_mkfifo()'. 
    (CVE-2009-3558)

  - Provided file uploading is enabled (it is by default),
    an attacker can upload files using a POST request with
    'multipart/form-data' content even if the target script
    doesn't actually support file uploads per se.  By 
    supplying a large number (15,000+) of files, he may be
    able to cause the web server to stop responding while
    it processes the file list. (CVE-2009-4017)

  - Missing protection for '$_SESSION' from interrupt
    corruption and improved 'session.save_path' check.
    (CVE-2009-4143)

  - Insufficient input string validation in the 
    'htmlspecialchars()' function. (CVE-2009-4142)<br><br><b>Risk factor:</b><br>Medium<br><br><b>CVSS Base Score:</b>6.8<br>CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P<br><br><b>See also:</b><br>http://www.nessus.org/u?57f2d08f<br><br><b>See also:</b><br>http://www.php.net/releases/5_2_12.php<br><br><b>See also:</b><br>http://www.php.net/ChangeLog-5.php#5.2.12<br><br><b>Solution:</b><br>Upgrade to PHP version 5.2.12 or later.<br><br><b>Plugin output:</b><br>
  Version source     : Server: Apache/2.2.9 (Win32) DAV/2 mod_ssl/2.2.9 OpenSSL/0.9.8h mod_autoindex_color PHP/5.2.6
  Installed version  : 5.2.6
  Fixed version      : 5.2.12
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=43351">43351</a><br><br><b>CVE: </b><br>CVE-2009-3557, CVE-2009-3558, CVE-2009-4017, CVE-2009-4142, CVE-2009-4143<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/37389">37389</a>, <a href="http://www.securityfocus.com/bid/37390">37390</a><br><br><b>Other references: </b><br>OSVDB:60434, OSVDB:60435, OSVDB:60451, OSVDB:61208, OSVDB:61209, Secunia:37821, CWE:264</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_med"><td class="plugin_label" align="left">PHP &lt; 5.2.11 Multiple Vulnerabilities</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote web server uses a version of PHP that is affected by
multiple flaws.<br><br><b>Description:</b><br>According to its banner, the version of PHP installed on the remote
host is older than 5.2.11.  Such versions may be affected by several
security issues :

  - An unspecified error occurs in certificate validation
    inside 'php_openssl_apply_verification_policy'.

  - An unspecified input validation vulnerability affects
    the color index in 'imagecolortransparent()'.

  - An unspecified input validation vulnerability affects
    exif processing.

  - Calling 'popen()' with an invalid mode can cause a
    crash under Windows. (Bug #44683)

  - An integer overflow in 'xml_utf8_decode()' can make it
    easier to bypass cross-site scripting and SQL injection 
    protection mechanisms using a specially crafted string 
    with a long UTF-8 encoding. (Bug #49687)<br><br><b>Risk factor:</b><br>Medium<br><br><b>CVSS Base Score:</b>5.0<br>CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P<br><br><b>See also:</b><br>http://www.php.net/releases/5_2_11.php<br><br><b>See also:</b><br>http://news.php.net/php.internals/45597<br><br><b>See also:</b><br>http://www.php.net/ChangeLog-5.php#5.2.11<br><br><b>Solution:</b><br>Upgrade to PHP version 5.2.11 or later.<br><br><b>Plugin output:</b><br>
  Version source     : Server: Apache/2.2.9 (Win32) DAV/2 mod_ssl/2.2.9 OpenSSL/0.9.8h mod_autoindex_color PHP/5.2.6
  Installed version  : 5.2.6
  Fixed version      : 5.2.11
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=41014">41014</a><br><br><b>CVE: </b><br>CVE-2009-3291, CVE-2009-3292, CVE-2009-3293, CVE-2009-3294, CVE-2009-5016<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/36449">36449</a>, <a href="http://www.securityfocus.com/bid/44889">44889</a><br><br><b>Other references: </b><br>OSVDB:58185, OSVDB:58186, OSVDB:58187, OSVDB:58188, OSVDB:69227, Secunia:36791, CWE:20</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_med"><td class="plugin_label" align="left">PHP &lt; 5.2.10 Multiple Vulnerabilities</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote web server uses a version of PHP that is affected by
multiple vulnerabilities.<br><br><b>Description:</b><br>According to its banner, the version of PHP installed on the remote
host is older than 5.2.10.  Such versions are reportedly affected by
multiple vulnerabilities :

  - Sufficient checks are not performed on fields reserved 
    for offsets in function 'exif_read_data()'. Successful 
    exploitation of this issue could result in a denial of 
    service condition. (bug 48378)

  - Provided 'safe_mode_exec_dir' is not set (not set by
    default), it may be possible to bypass 'safe_mode' 
    restrictions by prepending a backslash in functions 
    such as 'exec()', 'system()', 'shell_exec()', 
    'passthru()' and 'popen()' on a system running PHP 
    on Windows. (bug 45997)<br><br><b>Risk factor:</b><br>Medium<br><br><b>CVSS Base Score:</b>5.1<br>CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P<br><br><b>See also:</b><br>http://bugs.php.net/bug.php?id=45997<br><br><b>See also:</b><br>http://bugs.php.net/bug.php?id=48378<br><br><b>See also:</b><br>http://www.php.net/releases/5_2_10.php<br><br><b>See also:</b><br>http://www.php.net/ChangeLog-5.php#5.2.10<br><br><b>Solution:</b><br>Upgrade to PHP version 5.2.10 or later.<br><br><b>Plugin output:</b><br>
  Version source     : Server: Apache/2.2.9 (Win32) DAV/2 mod_ssl/2.2.9 OpenSSL/0.9.8h mod_autoindex_color PHP/5.2.6
  Installed version  : 5.2.6
  Fixed version      : 5.2.10
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=39480">39480</a><br><br><b>CVE: </b><br>CVE-2009-2687<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/35440">35440</a>, <a href="http://www.securityfocus.com/bid/35435">35435</a><br><br><b>Other references: </b><br>OSVDB:55222, OSVDB:55223, OSVDB:55224, Secunia:35441, CWE:20</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">Web Server robots.txt Information Disclosure</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote web server contains a 'robots.txt' file.<br><br><b>Description:</b><br>The remote host contains a file named 'robots.txt' that is intended to
prevent web 'robots' from visiting certain directories in a web site for
maintenance or indexing purposes.  A malicious user may also be able to
use the contents of this file to learn of sensitive documents or
directories on the affected site and either retrieve them directly or
target them for other attacks.<br><br><b>Risk factor:</b><br>None<br><br><b>See also:</b><br>http://www.robotstxt.org/wc/exclusion.html<br><br><b>Solution:</b><br>Review the contents of the site's robots.txt file, use Robots META tags
instead of entries in the robots.txt file, and/or adjust the web
server's access controls to limit access to sensitive material.<br><br><b>Plugin output:</b><br>Contents of robots.txt :

User-agent: *
Disallow: /administrator/
Disallow: /cache/
Disallow: /components/
Disallow: /images/
Disallow: /includes/
Disallow: /installation/
Disallow: /language/
Disallow: /libraries/
Disallow: /media/
Disallow: /modules/
Disallow: /plugins/
Disallow: /templates/
Disallow: /tmp/
Disallow: /xmlrpc/
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=10302">10302</a><br><br><b>Other references: </b><br>OSVDB:238</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">WebDAV Detection</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote server is running with WebDAV enabled.<br><br><b>Description:</b><br>WebDAV is an industry standard extension to the HTTP specification.
It adds a capability for authorized users to remotely add and manage
the content of a web server.

If you do not use this extension, you should disable it.<br><br><b>Risk factor:</b><br>None<br><br><b>Solution:</b><br>http://support.microsoft.com/default.aspx?kbid=241520<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=11424">11424</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">PHP 5.2 &lt; 5.2.17 / 5.3 &lt; 5.3.5 String To Double Conversion DoS</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote web server uses a version of PHP that is affected by
a denial of service vulnerability.<br><br><b>Description:</b><br>According to its banner, the version of PHP 5.x installed on the
remote host is older than 5.2.17 or 5.3.5. 

Such versions may experience a crash while performing string to double
conversion for certain numeric values.  Only x86 32-bit PHP processes
are known to be affected by this issue regardless of whether the
system running PHP is 32-bit or 64-bit.<br><br><b>Risk factor:</b><br>Low<br><br><b>CVSS Base Score:</b>2.6<br>CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P<br><br><b>See also:</b><br>http://bugs.php.net/bug.php?id=53632<br><br><b>See also:</b><br>http://www.php.net/distributions/test_bug53632.txt<br><br><b>See also:</b><br>http://www.php.net/releases/5_2_17.php<br><br><b>See also:</b><br>http://www.php.net/releases/5_3_5.php<br><br><b>Solution:</b><br>Upgrade to PHP 5.2.17/5.3.5 or later.<br><br><b>Plugin output:</b><br>
  Version source     : Server: Apache/2.2.9 (Win32) DAV/2 mod_ssl/2.2.9 OpenSSL/0.9.8h mod_autoindex_color PHP/5.2.6
  Installed version  : 5.2.6
  Fixed version      : 5.2.17/5.3.5
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=51439">51439</a><br><br><b>CVE: </b><br>CVE-2010-4645<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/45668">45668</a><br><br><b>Other references: </b><br>OSVDB:70370</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">HyperText Transfer Protocol (HTTP) Information</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>Some information about the remote HTTP configuration can be extracted.<br><br><b>Description:</b><br>This test gives some information about the remote HTTP protocol - the
version used, whether HTTP Keep-Alive and HTTP pipelining are enabled,
etc.

This test is informational only and does not denote any security
problem.<br><br><b>Risk factor:</b><br>None<br><br><b>Solution:</b><br>n/a<br><br><b>Plugin output:</b><br>
Protocol version : HTTP/1.1
SSL : no
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :

  Date: Sat, 26 Feb 2011 13:42:36 GMT
  Server: Apache/2.2.9 (Win32) DAV/2 mod_ssl/2.2.9 OpenSSL/0.9.8h mod_autoindex_color PHP/5.2.6
  X-Powered-By: PHP/5.2.6
  P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
  Expires: Mon, 1 Jan 2001 00:00:00 GMT
  Last-Modified: Sat, 26 Feb 2011 13:42:37 GMT
  Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
  Pragma: no-cache
  Content-Length: 3999
  Keep-Alive: timeout=5, max=100
  Connection: Keep-Alive
  Content-Type: text/html; charset=utf-8
  
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=24260">24260</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">HTTP Server Type and Version</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>A web server is running on the remote host.<br><br><b>Description:</b><br>This plugin attempts to determine the type and the version of the
remote web server.<br><br><b>Risk factor:</b><br>None<br><br><b>Solution:</b><br>n/a<br><br><b>Plugin output:</b><br>The remote web server type is :

Apache/2.2.9 (Win32) DAV/2 mod_ssl/2.2.9 OpenSSL/0.9.8h mod_autoindex_color PHP/5.2.6

Solution : You can set the directive 'ServerTokens Prod' to limit
the information emanating from the server in its response headers.<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=10107">10107</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">Service Detection</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote service could be identified.<br><br><b>Description:</b><br>It was possible to identify the remote service by its banner or by looking
at the error message it sends when it receives an HTTP request.<br><br><b>Risk factor:</b><br>None<br><br><b>Solution:</b><br>n/a<br><br><b>Plugin output:</b><br>A web server is running on this port.<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=22964">22964</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
</div>
</body></html>